Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-27 | CVE-2023-44216 | Information Exposure Through Discrepancy vulnerability in multiple products PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. | 5.3 |
| 2023-09-20 | CVE-2023-25529 | Information Exposure Through Discrepancy vulnerability in Nvidia DGX H100 Firmware NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. | 8.1 |
| 2023-09-19 | CVE-2023-4095 | Information Exposure Through Discrepancy vulnerability in Fujitsu Arconte Aurea 1.5.0.0 User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. | 5.3 |
| 2023-09-12 | CVE-2023-41885 | Information Exposure Through Discrepancy vulnerability in Piccolo-Orm Piccolo Piccolo is an ORM and query builder which supports asyncio. | 5.3 |
| 2023-09-04 | CVE-2023-3221 | Information Exposure Through Discrepancy vulnerability in Password Recovery Project Password Recovery 1.2 User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could allow a remote attacker to create a test script against the password recovery function to enumerate all users in the database. | 5.3 |
| 2023-08-29 | CVE-2023-39522 | Information Exposure Through Discrepancy vulnerability in Goauthentik Authentik goauthentik is an open-source Identity Provider. | 5.3 |
| 2023-08-28 | CVE-2023-40756 | Information Exposure Through Discrepancy vulnerability in PHPjabbers Callback Widget 1.0 User enumeration is found in PHPJabbers Callback Widget v1.0. | 9.8 |
| 2023-08-22 | CVE-2023-33850 | Information Exposure Through Discrepancy vulnerability in IBM Cics TX and Txseries for Multiplatform IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. | 7.5 |
| 2023-08-16 | CVE-2023-40021 | Information Exposure Through Discrepancy vulnerability in Oppia Oppia is an online learning platform. | 5.3 |
| 2023-08-16 | CVE-2023-40343 | Information Exposure Through Discrepancy vulnerability in Jenkins Tuleap Authentication Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token. | 5.9 |