Total
90 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-39343 | 1 Sulu | 1 Sulu | 2024-11-21 | N/A | 4.3 MEDIUM |
| Sulu is an open-source PHP content management system based on the Symfony framework. It allows over the Admin Login form to detect which user (username, email) exists and which one do not exist. Sulu Installation not using the old Symfony 5.4 security System and previous version are not impacted by this Security issue. The vulnerability has been patched in version 2.5.10. | |||||
| CVE-2023-37831 | 1 Elenos | 2 Etg150, Etg150 Firmware | 2024-11-21 | N/A | 5.3 MEDIUM |
| An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user accounts based on server responses when credentials are submitted. | |||||
| CVE-2023-37217 | 1 Tadirantele | 1 Aeonix | 2024-11-21 | N/A | 5.3 MEDIUM |
| Tadiran Telecom Aeonix - CWE-204: Observable Response Discrepancy | |||||
| CVE-2023-35698 | 1 Sick | 2 Icr890-4, Icr890-4 Firmware | 2024-11-21 | N/A | 5.3 MEDIUM |
| Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login attempt. | |||||
| CVE-2023-33859 | 1 Ibm | 1 Security Qradar Edr | 2024-11-21 | N/A | 5.3 MEDIUM |
| IBM Security QRadar EDR 3.12 could disclose sensitive information due to an observable login response discrepancy. IBM X-Force ID: 257697. | |||||
| CVE-2023-32346 | 1 Teltonika | 1 Remote Management System | 2024-11-21 | N/A | 5.3 MEDIUM |
| Teltonika’s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. This function returns information based on whether the serial number of a device has already been claimed, the MAC address of a device has already been claimed, or whether the attempt to claim a device was successful. An attacker could exploit this to create a list of the serial numbers and MAC addresses of all devices cloud-connected to the Remote Management System. | |||||
| CVE-2023-31186 | 1 Avaya | 1 Ix Workforce Engagement | 2024-11-21 | N/A | 5.3 MEDIUM |
| Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy | |||||
| CVE-2023-28412 | 2 Control4, Snapone | 13 Ca-1, Ca-10, Ea-1 and 10 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device. The MAC address of devices can be enumerated in an attack and the OvrC cloud will disclose their information. | |||||
| CVE-2023-27464 | 1 Mendix | 1 Forgot Password | 2024-11-21 | N/A | 5.3 MEDIUM |
| A vulnerability has been identified in Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.1), Mendix Forgot Password (Mendix 8 compatible) (All versions < V4.1.1), Mendix Forgot Password (Mendix 9 compatible) (All versions < V5.1.1). The affected versions of the module contain an observable response discrepancy issue that could allow an attacker to retrieve sensitive information. | |||||
| CVE-2023-23584 | 1 Gallagher | 1 Command Centre | 2024-11-21 | N/A | 4.3 MEDIUM |
| An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. This issue affects: Gallagher Command Centre 8.70 prior to vEL8.70.1787 (MR2), 8.60 prior to vEL8.60.2039 (MR4), all version of 8.50 and prior. | |||||
| CVE-2023-23449 | 1 Sick | 14 Ftmg-esd15axx, Ftmg-esd15axx Firmware, Ftmg-esd20axx and 11 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames by analyzing challenge responses from the server via the REST interface. | |||||
| CVE-2023-1540 | 1 Answer | 1 Answer | 2024-11-21 | N/A | 5.3 MEDIUM |
| Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6. | |||||
| CVE-2022-41697 | 1 Ghost | 1 Ghost | 2024-11-21 | N/A | 5.3 MEDIUM |
| A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability. | |||||
| CVE-2022-39315 | 1 Getkirby | 1 Kirby | 2024-11-21 | N/A | 6.5 MEDIUM |
| Kirby is a Content Management System. Prior to versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, a user enumeration vulnerability affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. It can only be exploited for targeted attacks because the attack does not scale to brute force. The problem has been patched in Kirby 3.5.8.2, Kirby 3.6.6.2, Kirby 3.7.5.1, and Kirby 3.8.1. In all of the mentioned releases, the maintainers have rewritten the affected code so that the delay is also inserted after the brute force limit is reached. | |||||
| CVE-2022-39228 | 1 Vantage6 | 1 Vantage6 | 2024-11-21 | N/A | 5.3 MEDIUM |
| vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is entered a number of times, the user account is blocked temporarily. This issue has been fixed in version 3.8.0. | |||||
| CVE-2022-31248 | 1 Suse | 1 Manager Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37-1. | |||||
| CVE-2022-22520 | 2 Helmholz, Mbconnectline | 4 Myrex24, Myrex24.virtual, Mbconnect24 and 1 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. | |||||
| CVE-2022-1989 | 1 Codesys | 1 Visualization | 2024-11-21 | N/A | 5.3 MEDIUM |
| All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users. | |||||
| CVE-2021-39189 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually. | |||||
| CVE-2021-38476 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate different user accounts. | |||||