CVE-2025-0361

MEDIUM Year: 2025
CVSS v3 Score
4.3
Medium
Weakness Type
CWE-203
View all →

Vulnerability Description

During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration SSH Management API.

Related Vulnerabilities

CVE-2019-12383

MEDIUM
CVSS:4.3(Medium)

Tor Browser before 8.0.1 has an information exposure vulnerability. It allows remote attackers to detect the browser's UI locale by measuring a button width, even if the user has a "Don't send my lang...

CWE-2032019

CVE-2020-35473

MEDIUM
CVSS:4.3(Medium)

An information leakage vulnerability in the Bluetooth Low Energy advertisement scan response in Bluetooth Core Specifications 4.0 through 5.2, and extended scan response in Bluetooth Core Specificatio...

CWE-2032020

CVE-2020-6531

MEDIUM
CVSS:4.3(Medium)

Side-channel information leakage in scroll to text in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CWE-2032020

CVE-2021-20376

MEDIUM
CVSS:4.3(Medium)

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. IBM X-Force ID: 195568...

CWE-2032021

CVE-2021-34576

MEDIUM
CVSS:4.3(Medium)

In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. This may give sensitive information (water consumption without distinct values) to third part...

CWE-2032021

CVE-2021-37968

MEDIUM
CVSS:4.3(Medium)

Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CWE-2032021