Vulnerabilities > Information Exposure Through Discrepancy

DATE CVE VULNERABILITY TITLE RISK
2025-02-11 CVE-2023-37482 The login functionality of the web server in affected devices does not normalize the response times of login attempts.
network
low complexity
CWE-203
5.3
2025-01-31 CVE-2024-45089 IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.3 Standard Edition EBICS server could allow an authenticated user to obtain sensitive filename information due to an observable discrepancy.
network
low complexity
CWE-203
4.3
2025-01-21 CVE-2025-24011 Information Exposure Through Discrepancy vulnerability in Umbraco CMS
Umbraco is a free and open source .NET content management system.
network
low complexity
umbraco CWE-203
5.3
2025-01-14 CVE-2024-36510 Information Exposure Through Discrepancy vulnerability in Fortinet Forticlientems and Fortisoar
An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses.
network
low complexity
fortinet CWE-203
5.3
2024-11-05 CVE-2024-50102 Information Exposure Through Discrepancy vulnerability in Linux Kernel
In the Linux kernel, the following vulnerability has been resolved: x86: fix user address masking non-canonical speculation issue It turns out that AMD has a "Meltdown Lite(tm)" issue with non-canonical accesses in kernel space.
local
low complexity
linux CWE-203
5.5
2024-11-05 CVE-2024-51739 Information Exposure Through Discrepancy vulnerability in Combodo Itop
Combodo iTop is a simple, web based IT Service Management tool.
network
low complexity
combodo CWE-203
5.3
2024-11-01 CVE-2024-41741 Information Exposure Through Discrepancy vulnerability in IBM Txseries for Multiplatforms 10.1
IBM TXSeries for Multiplatforms 10.1 could allow an attacker to determine valid usernames due to an observable timing discrepancy which could be used in further attacks against the system.
network
low complexity
ibm CWE-203
5.3
2024-10-29 CVE-2024-10463 Information Exposure Through Discrepancy vulnerability in Mozilla Thunderbird
Video frames could have been leaked between origins in some situations.
network
low complexity
mozilla CWE-203
6.5
2024-10-29 CVE-2024-7010 Information Exposure Through Discrepancy vulnerability in Mudler Localai 2.17.1
mudler/localai version 2.17.1 is vulnerable to a Timing Attack.
network
high complexity
mudler CWE-203
5.9
2024-10-24 CVE-2024-49358 Information Exposure Through Discrepancy vulnerability in Zimaspace Zimaos
ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI.
network
low complexity
zimaspace CWE-203
5.3