Vulnerabilities > Information Exposure Through Discrepancy

DATE CVE VULNERABILITY TITLE RISK
2024-06-10 CVE-2024-37880 Information Exposure Through Discrepancy vulnerability in Pq-Crystals Kyber
The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes.
network
low complexity
pq-crystals CWE-203
7.5
2024-06-09 CVE-2024-2408 Information Exposure Through Discrepancy vulnerability in multiple products
The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection).
network
high complexity
php fedoraproject CWE-203
5.9
2024-06-07 CVE-2024-31878 Information Exposure Through Discrepancy vulnerability in IBM I
IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker.
network
low complexity
ibm CWE-203
5.3
2024-02-21 CVE-2022-45177 Information Exposure Through Discrepancy vulnerability in Liveboxcloud Vdesk
An issue was discovered in LIVEBOX Collaboration vDesk through v031.
network
low complexity
liveboxcloud CWE-203
7.5
2024-02-08 CVE-2024-25189 Information Exposure Through Discrepancy vulnerability in Bencollins JWT C Library 1.15.3
libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
network
low complexity
bencollins CWE-203
critical
9.8
2024-02-08 CVE-2024-25190 Information Exposure Through Discrepancy vulnerability in Glitchedpolygons L8W8Jwt 2.2.1
l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
network
low complexity
glitchedpolygons CWE-203
critical
9.8
2024-02-08 CVE-2024-25191 Information Exposure Through Discrepancy vulnerability in Zihanggao PHP-Jwt 1.0.0
php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
network
low complexity
zihanggao CWE-203
critical
9.8
2024-02-08 CVE-2024-25146 Information Exposure Through Discrepancy vulnerability in Liferay DXP and Liferay Portal
Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs.
network
low complexity
liferay CWE-203
5.3
2024-02-07 CVE-2023-51437 Information Exposure Through Discrepancy vulnerability in Apache Pulsar
Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue.
network
high complexity
apache CWE-203
7.4
2024-02-05 CVE-2023-50781 Information Exposure Through Discrepancy vulnerability in multiple products
A flaw was found in m2crypto.
network
low complexity
redhat m2crypto-project CWE-203
7.5