Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-21 | CVE-2022-45177 | Information Exposure Through Discrepancy vulnerability in Liveboxcloud Vdesk An issue was discovered in LIVEBOX Collaboration vDesk through v031. | 7.5 |
| 2024-02-08 | CVE-2024-25189 | Information Exposure Through Discrepancy vulnerability in Bencollins JWT C Library 1.15.3 libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. | 9.8 |
| 2024-02-08 | CVE-2024-25190 | Information Exposure Through Discrepancy vulnerability in Glitchedpolygons L8W8Jwt 2.2.1 l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. | 9.8 |
| 2024-02-08 | CVE-2024-25191 | Information Exposure Through Discrepancy vulnerability in Zihanggao PHP-Jwt 1.0.0 php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. | 9.8 |
| 2024-02-08 | CVE-2024-25146 | Information Exposure Through Discrepancy vulnerability in Liferay DXP and Liferay Portal Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. | 5.3 |
| 2024-02-07 | CVE-2023-51437 | Information Exposure Through Discrepancy vulnerability in Apache Pulsar Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. | 7.4 |
| 2024-02-05 | CVE-2023-50781 | Information Exposure Through Discrepancy vulnerability in multiple products A flaw was found in m2crypto. | 7.5 |
| 2024-02-05 | CVE-2023-50782 | Information Exposure Through Discrepancy vulnerability in multiple products A flaw was found in the python-cryptography package. | 7.5 |
| 2024-02-05 | CVE-2024-0202 | Information Exposure Through Discrepancy vulnerability in Cryptlib 3.4.4 A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib is compiled with the support for RSA key exchange ciphersuites in TLS (by setting the USE_RSA_SUITES define), it will be vulnerable to the timing variant of the Bleichenbacher attack. | 5.9 |
| 2024-02-04 | CVE-2023-6240 | Information Exposure Through Discrepancy vulnerability in multiple products A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. | 6.5 |