Vulnerabilities > Information Exposure Through Discrepancy

DATE CVE VULNERABILITY TITLE RISK
2021-02-03 CVE-2020-9389 Information Exposure Through Discrepancy vulnerability in Squaredup
A username enumeration issue was discovered in SquaredUp before version 4.6.0.
network
squaredup CWE-203
4.3
2021-01-08 CVE-2020-28208 Information Exposure Through Discrepancy vulnerability in Rocket.Chat
An email address enumeration vulnerability exists in the password reset function of Rocket.Chat through 3.9.1.
network
low complexity
rocket-chat CWE-203
5.0
2021-01-07 CVE-2021-3011 Information Exposure Through Discrepancy vulnerability in multiple products
An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9.
1.9
2020-12-21 CVE-2020-35624 Information Exposure Through Discrepancy vulnerability in Mediawiki
An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1.
network
low complexity
mediawiki CWE-203
5.0
2020-12-15 CVE-2020-29480 Information Exposure Through Discrepancy vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian CWE-203
2.1
2020-12-14 CVE-2020-0464 Information Exposure Through Discrepancy vulnerability in Google Android 10.0
In resolv_cache_lookup of res_cache.cpp, there is a possible side channel information disclosure.
local
low complexity
google CWE-203
2.1
2020-11-12 CVE-2020-12912 Information Exposure Through Discrepancy vulnerability in AMD Energy Driver for Linux
A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks.
local
low complexity
amd CWE-203
2.1
2020-11-10 CVE-2020-28368 Information Exposure Through Discrepancy vulnerability in multiple products
Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack.
local
low complexity
xen fedoraproject CWE-203
2.1
2020-11-02 CVE-2020-26939 Information Exposure Through Discrepancy vulnerability in Bouncycastle Legion-Of-The-Bouncy-Castle
In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs.
network
low complexity
bouncycastle CWE-203
5.0
2020-10-21 CVE-2020-3585 Information Exposure Through Discrepancy vulnerability in Cisco products
A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information.
network
cisco CWE-203
4.3