Total
672 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-54454 | 2024-12-31 | 5.3 Medium | ||
| An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. An Observable Response Discrepancy vulnerability in the sendPasswordReinitLink action of the unlogged.do page allows remote attackers to test whether a username is valid or not. This allows confirmation of valid usernames. | ||||
| CVE-2024-13028 | 2024-12-30 | 3.7 Low | ||
| A vulnerability, which was classified as problematic, has been found in Antabot White-Jotter up to 0.2.2. This issue affects some unknown processing of the file /login. The manipulation of the argument username leads to observable response discrepancy. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-47155 | 2024-12-27 | 5.5 Medium | ||
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | ||||
| CVE-2024-47154 | 2024-12-27 | 5.5 Medium | ||
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | ||||
| CVE-2024-47153 | 2024-12-27 | 6.2 Medium | ||
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | ||||
| CVE-2024-8994 | 2024-12-26 | 6.2 Medium | ||
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | ||||
| CVE-2024-8993 | 2024-12-26 | 6.2 Medium | ||
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | ||||
| CVE-2024-8992 | 2024-12-26 | 4 Medium | ||
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | ||||
| CVE-2024-47156 | 2024-12-26 | 3.3 Low | ||
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | ||||
| CVE-2024-47150 | 2024-12-26 | 3.3 Low | ||
| Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | ||||
| CVE-2024-47149 | 2024-12-26 | 3.3 Low | ||
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | ||||
| CVE-2024-39891 | 1 Twilio | 2 Authy, Authy Authenticator | 2024-12-20 | 5.3 Medium |
| In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. Specifically, the endpoint accepted a stream of requests containing phone numbers, and responded with information about whether each phone number was registered with Authy. (Authy accounts were not compromised, however.) | ||||
| CVE-2024-11297 | 2024-12-20 | 5.3 Medium | ||
| The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | ||||
| CVE-2024-54476 | 1 Apple | 1 Macos | 2024-12-19 | 5.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access user-sensitive data. | ||||
| CVE-2024-12663 | 2024-12-16 | 3.7 Low | ||
| A vulnerability classified as problematic was found in funnyzpc Mee-Admin up to 1.6. This vulnerability affects unknown code of the file /mee/login of the component Login. The manipulation of the argument username leads to observable response discrepancy. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-42792 | 1 Apple | 2 Ipados, Iphone Os | 2024-12-06 | 5.5 Medium |
| This issue was addressed with improved data protection. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to read sensitive location information | ||||
| CVE-2024-54002 | 1 Dependencytrack | 1 Dependency-track | 2024-12-04 | 5.3 Medium |
| Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Performing a login request against the /api/v1/user/login endpoint with a username that exist in the system takes significantly longer than performing the same action with a username that is not known by the system. The observable difference in request duration can be leveraged by actors to enumerate valid names of managed users. LDAP and OpenID Connect users are not affected. The issue has been fixed in Dependency-Track 4.12.2. | ||||
| CVE-2020-11063 | 1 Typo3 | 1 Typo3 | 2024-12-03 | 3.7 Low |
| In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2. | ||||
| CVE-2018-0134 | 1 Cisco | 1 Mobility Services Engine | 2024-12-02 | 5.3 Medium |
| A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. The vulnerability occurs because the Cisco Policy Suite RADIUS server component returns different authentication failure messages based on the validity of usernames. An attacker could use these messages to determine whether a valid subscriber username has been identified. The attacker could use this information in subsequent attacks against the system. Cisco Bug IDs: CSCvg47830. | ||||
| CVE-2023-20575 | 1 Amd | 176 Epyc 5552, Epyc 5552 Firmware, Epyc 7232p and 173 more | 2024-11-27 | 6.5 Medium |
| A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information. | ||||