Total
73 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-1989 | 1 Codesys | 1 Visualization | 2024-11-21 | 5.3 Medium |
All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users. | ||||
CVE-2021-39189 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 5.3 Medium |
Pimcore is an open source data & experience management platform. In versions prior to 10.1.3, it is possible to enumerate usernames via the forgot password functionality. This issue is fixed in version 10.1.3. As a workaround, one may apply the available patch manually. | ||||
CVE-2021-38476 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2024-11-21 | 6.5 Medium |
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate different user accounts. | ||||
CVE-2021-36201 | 1 Johnsoncontrols | 2 C-cure 9000, C-cure 9000 Firmware | 2024-11-21 | 4.3 Medium |
Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and prior versions. | ||||
CVE-2021-34580 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-11-21 | 7.5 High |
In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts. | ||||
CVE-2021-20049 | 1 Sonicwall | 12 Sma100, Sma200, Sma210 and 9 more | 2024-11-21 | 7.5 High |
A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1.2-24sv, 10.2.0.8-37sv and earlier 10.x versions. | ||||
CVE-2016-9499 | 1 Accellion | 1 Ftp Server | 2024-11-21 | N/A |
Accellion FTP server prior to version FTA_9_12_220 only returns the username in the server response if the username is invalid. An attacker may use this information to determine valid user accounts and enumerate them. | ||||
CVE-2022-20633 | 1 Cisco | 1 Enterprise Chat And Email | 2024-11-18 | 5.3 Medium |
A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to perform a username enumeration attack against an affected device. This vulnerability is due to differences in authentication responses that are sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to an affected device. A successful exploit could allow the attacker to confirm existing user accounts, which could be used in further attacks. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||
CVE-2024-47129 | 1 Gotenna | 2 Gotenna Pro, Pro App | 2024-10-17 | 4.3 Medium |
The goTenna Pro App does not inject extra characters into broadcasted frames to obfuscate the length of messages. This makes it possible to tell the length of the payload regardless of the encryption used. | ||||
CVE-2024-41715 | 1 Gotenna | 1 Atak Plugin | 2024-10-17 | 4.3 Medium |
The goTenna Pro ATAK Plugin does not inject extra characters into broadcasted frames to obfuscate the length of messages. This makes it possible to tell the length of the payload regardless of the encryption used. | ||||
CVE-2024-8651 | 1 Netcat | 2 Netcat, Netcat Content Management System | 2024-09-23 | 5.3 Medium |
A vulnerability in NetCat CMS allows an attacker to send a specially crafted HTTP request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor https://netcat.ru/. Versions 6.4.0.24248 and on have the patch. | ||||
CVE-2024-34336 | 1 Ordat | 2 Foss-online, Ordat.erp | 2024-09-18 | 5.3 Medium |
User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality. | ||||
CVE-2024-42343 | 1 Loway | 1 Queuemetrics | 2024-09-11 | 5.3 Medium |
Loway - CWE-204: Observable Response Discrepancy |