Total
79 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-1540 | 1 Answer | 1 Answer | 2024-11-21 | N/A | 5.3 MEDIUM |
| Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6. | |||||
| CVE-2022-41697 | 1 Ghost | 1 Ghost | 2024-11-21 | N/A | 5.3 MEDIUM |
| A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability. | |||||
| CVE-2022-39315 | 1 Getkirby | 1 Kirby | 2024-11-21 | N/A | 6.5 MEDIUM |
| Kirby is a Content Management System. Prior to versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, a user enumeration vulnerability affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. It can only be exploited for targeted attacks because the attack does not scale to brute force. The problem has been patched in Kirby 3.5.8.2, Kirby 3.6.6.2, Kirby 3.7.5.1, and Kirby 3.8.1. In all of the mentioned releases, the maintainers have rewritten the affected code so that the delay is also inserted after the brute force limit is reached. | |||||
| CVE-2022-39228 | 1 Vantage6 | 1 Vantage6 | 2024-11-21 | N/A | 5.3 MEDIUM |
| vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. vantage6 does not inform the user of wrong username/password combination if the username actually exists. This is an attempt to prevent bots from obtaining usernames. However, if a wrong password is entered a number of times, the user account is blocked temporarily. This issue has been fixed in version 3.8.0. | |||||
| CVE-2022-31248 | 1 Suse | 1 Manager Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37-1. | |||||
| CVE-2022-22520 | 2 Helmholz, Mbconnectline | 4 Myrex24, Myrex24.virtual, Mbconnect24 and 1 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. | |||||
| CVE-2022-1989 | 1 Codesys | 1 Visualization | 2024-11-21 | N/A | 5.3 MEDIUM |
| All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users. | |||||
| CVE-2021-39189 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually. | |||||
| CVE-2021-38476 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate different user accounts. | |||||
| CVE-2021-36201 | 1 Johnsoncontrols | 2 C-cure 9000, C-cure 9000 Firmware | 2024-11-21 | N/A | 4.3 MEDIUM |
| Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and prior versions. | |||||
| CVE-2021-34580 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts. | |||||
| CVE-2021-20049 | 1 Sonicwall | 12 Sma100, Sma200, Sma210 and 9 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions. | |||||
| CVE-2016-9499 | 1 Accellion | 1 Ftp Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them. | |||||
| CVE-2022-20633 | 2024-11-18 | N/A | 5.3 MEDIUM | ||
| A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to perform a username enumeration attack against an affected device. This vulnerability is due to differences in authentication responses that are sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to an affected device. A successful exploit could allow the attacker to confirm existing user accounts, which could be used in further attacks. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2024-47129 | 1 Gotenna | 1 Gotenna Pro | 2024-10-17 | N/A | 4.3 MEDIUM |
| The goTenna Pro App does not inject extra characters into broadcasted frames to obfuscate the length of messages. This makes it possible to tell the length of the payload regardless of the encryption used. | |||||
| CVE-2024-41715 | 1 Gotenna | 1 Atak Plugin | 2024-10-17 | N/A | 4.3 MEDIUM |
| The goTenna Pro ATAK Plugin does not inject extra characters into broadcasted frames to obfuscate the length of messages. This makes it possible to tell the length of the payload regardless of the encryption used. | |||||
| CVE-2024-8651 | 1 Netcat | 1 Netcat Content Management System | 2024-09-23 | N/A | 5.3 MEDIUM |
| A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/ https://netcat.ru/] . Versions 6.4.0.24248 and on have the patch. | |||||
| CVE-2024-34336 | 1 Ordat | 1 Ordat.erp | 2024-09-18 | N/A | 5.3 MEDIUM |
| User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality. | |||||
| CVE-2024-42343 | 1 Loway | 1 Queuemetrics | 2024-09-11 | N/A | 5.3 MEDIUM |
| Loway - CWE-204: Observable Response Discrepancy | |||||