CWE-203 type flaws
294 results

CVE-2024-13198 | MEDIUM | langhsu Mblog Blog System login observable response discrepancy | EPSS 0.7%
CVE-2023-26215 | HIGH | TIBCO EBX® Add-ons Path Traversal | EPSS 0.7%
CVE-2022-43411 | MEDIUM | Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhoo | EPSS 0.7%
CVE-2025-21510 | HIGH | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are | EPSS 0.7%
CVE-2023-27870 | MEDIUM | IBM Spectrum Virtualize information disclosure | EPSS 0.7%
CVE-2023-26071 | HIGH | An issue was discovered in MCUBO ICT through 10.12.4 (aka 6.0.2). An Observable Response Discrepancy can occur under the login web page. In | EPSS 0.7%
CVE-2022-44381 | MEDIUM | Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request. | EPSS 0.6%
CVE-2022-20940 | MEDIUM | A vulnerability in the TLS handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain | EPSS 0.6%
CVE-2023-40021 | MEDIUM | Timing Attack Reveals CSRF Tokens in oppia | EPSS 0.6%
CVE-2022-41765 | MEDIUM | An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. HTMLUserTextField exposes the | EPSS 0.6%
CVE-2022-40084 | MEDIUM | OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a pass | EPSS 0.6%
CVE-2024-41952 | MEDIUM | Zitadel has an "Ignoring unknown usernames" vulnerability | EPSS 0.6%
CVE-2023-47102 | MEDIUM | UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid. | EPSS 0.6%
CVE-2024-0564 | MEDIUM | Kernel: max page sharing of kernel samepage merging (ksm) may cause memory deduplication | EPSS 0.6%
CVE-2023-52323 | MEDIUM | PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. | EPSS 0.6%
CVE-2025-21336 | MEDIUM | Windows Cryptographic Information Disclosure Vulnerability | EPSS 0.6%
CVE-2025-27667 | CRITICAL | Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Administrative User Email Enumerati | EPSS 0.6%
CVE-2023-3462 | MEDIUM | Vault's LDAP Auth Method Allows for User Enumeration | EPSS 0.6%
CVE-2020-12413 | MEDIUM | The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification. To mitigate this vulnerability, Firefox disabled | EPSS 0.6%
CVE-2022-31742 | MEDIUM | An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between i | EPSS 0.6%