CVE-2024-2464

MEDIUM Year: 2024
CVSS v3 Score
6.3
Medium
Weakness Type
CWE-203
View all →

Vulnerability Description

This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.This issue affects CDeX application versions through 5.7.1.

Related Vulnerabilities

CVE-2019-13627

MEDIUM
CVSS:6.3(Medium)

It was discovered that there was a ECDSA timing attack in the libgcrypt20 cryptographic library. Version affected: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Versions fixed: 1.8.5-2 and 1.6.3-2+deb8...

CWE-2032019

CVE-2022-0823

MEDIUM
CVSS:6.2(Medium)

An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack.

CWE-2032022

CVE-2024-47153

MEDIUM
CVSS:6.2(Medium)

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

CWE-2032024

CVE-2024-8993

MEDIUM
CVSS:6.2(Medium)

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

CWE-2032024

CVE-2024-8994

MEDIUM
CVSS:6.2(Medium)

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak.

CWE-2032024

CVE-2018-3615

MEDIUM
CVSS:6.4(Medium)

Systems with microprocessors utilizing speculative execution and Intel software guard extensions (Intel SGX) may allow unauthorized disclosure of information residing in the L1 data cache from an encl...

CWE-2032018