Search Results (761 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0294 1 Yabbforumsoftware 1 Yet Another Bulletin Board 2026-04-16 N/A
YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack.
CVE-2004-2252 1 Sophos 1 Astaro Security Linux 2026-04-16 N/A
The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks.
CVE-2004-2150 1 Nettica 1 Intellipeer Email Server 2026-04-16 N/A
Nettica Corporation INTELLIPEER Email Server 1.01 displays different error messages for valid and invalid account names, which allows remote attackers to determine valid account names.
CVE-2004-0243 1 Ibm 1 Aix 2026-04-16 N/A
AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.
CVE-2002-0514 1 Openbsd 1 Openbsd 2026-04-16 N/A
PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL.
CVE-2002-0515 1 Phildev 1 Ipfilter 2026-04-16 N/A
IPFilter 3.4.25 and earlier sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs.
CVE-2001-1528 1 Amtote 1 Homebet 2026-04-16 N/A
AmTote International homebet program returns different error messages when invalid account numbers and PIN codes are provided, which allows remote attackers to determine the existence of valid account numbers via a brute force attack.
CVE-2003-0190 4 Openbsd, Openpkg, Redhat and 1 more 8 Openssh, Openpkg, Enterprise Linux and 5 more 2026-04-16 N/A
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
CVE-2005-0918 2 Adobe, Microsoft 2 Svg Viewer, Internet Explorer 2026-04-16 N/A
The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not.
CVE-2001-1387 2 Netfilter, Redhat 2 Iptables, Linux 2026-04-16 N/A
iptables-save in iptables before 1.2.4 records the "--reject-with icmp-host-prohibited" rule as "--reject-with tcp-reset," which causes iptables to generate different responses than specified by the administrator, possibly leading to an information leak.
CVE-2024-3296 1 Redhat 1 Enterprise Linux 2026-04-15 5.9 Medium
A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.
CVE-2022-50800 1 H3c 1 Ssl Vpn 2026-04-15 7.5 High
H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the login_submit.cgi endpoint and analyze response messages to distinguish between existing and non-existing accounts.
CVE-2025-23182 2026-04-15 4.3 Medium
CWE-203: Observable Discrepancy
CVE-2023-5410 1 Hp Inc 4 Business Desktop Pcs, Business Notebook Pcs, Thin Client and 1 more 2026-04-15 8.2 High
A potential security vulnerability has been reported in the system BIOS of certain HP PC products, which might allow memory tampering. HP is releasing mitigation for the potential vulnerability.
CVE-2024-54454 2026-04-15 5.3 Medium
An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. An Observable Response Discrepancy vulnerability in the sendPasswordReinitLink action of the unlogged.do page allows remote attackers to test whether a username is valid or not. This allows confirmation of valid usernames.
CVE-2024-28885 2026-04-15 5.9 Medium
Observable discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access.
CVE-2024-40490 1 Sourcebans-pp Project 1 Sourcebans-pp 2026-04-15 7.5 High
An issue in Sourcebans++ before v.1.8.0 allows a remote attacker to obtain sensitive information via a crafted XAJAX call to the Forgot Password function.
CVE-2025-1468 2026-04-15 7.5 High
An unauthenticated remote attacker can gain access to sensitive information including authentication information when using CODESYS OPC UA Server with the non-default Basic128Rsa15 security policy.
CVE-2023-37482 2026-04-15 5.3 Medium
The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames.
CVE-2025-47872 1 Eg4 Electronics 7 Eg4 12000xp, Eg4 12kpv, Eg4 18kpv and 4 more 2026-04-15 5.8 Medium
The public-facing product registration endpoint server responds differently depending on whether the S/N is valid and unregistered, valid but already registered, or does not exist in the database. Combined with the fact that serial numbers are sequentially assigned, this allows an attacker to gain information on the product registration status of different S/Ns.