Vulnerabilities > Information Exposure Through Discrepancy

DATE CVE VULNERABILITY TITLE RISK
2023-04-24 CVE-2023-30458 Information Exposure Through Discrepancy vulnerability in Medicine Tracker System Project Medicine Tracker System 1.0
A username enumeration issue was discovered in Medicine Tracker System 1.0.
network
low complexity
medicine-tracker-system-project CWE-203
5.3
2023-04-21 CVE-2023-26556 Information Exposure Through Discrepancy vulnerability in Iofinnet Tss-Lib
io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop).
network
low complexity
iofinnet CWE-203
critical
9.1
2023-04-21 CVE-2023-26557 Information Exposure Through Discrepancy vulnerability in Iofinnet Tss-Lib
io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse.
network
low complexity
iofinnet CWE-203
7.5
2023-04-21 CVE-2023-1998 Information Exposure Through Discrepancy vulnerability in multiple products
The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp.
local
high complexity
linux debian CWE-203
5.6
2023-03-30 CVE-2023-25000 Information Exposure Through Discrepancy vulnerability in Hashicorp Vault
HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks.
local
high complexity
hashicorp CWE-203
4.7
2023-03-28 CVE-2023-26071 Information Exposure Through Discrepancy vulnerability in Harpaitalia Mcuboict 10.12.4
An issue was discovered in MCUBO ICT through 10.12.4 (aka 6.0.2).
network
low complexity
harpaitalia CWE-203
7.5
2023-03-27 CVE-2022-41354 Information Exposure Through Discrepancy vulnerability in Linuxfoundation Argo-Cd
An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications.
network
low complexity
linuxfoundation CWE-203
4.3
2023-03-21 CVE-2023-1538 Information Exposure Through Discrepancy vulnerability in Answer
Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6.
network
low complexity
answer CWE-203
5.3
2023-03-21 CVE-2023-1540 Information Exposure Through Discrepancy vulnerability in Answer
Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6.
network
low complexity
answer CWE-203
5.3
2023-03-02 CVE-2023-25806 Information Exposure Through Discrepancy vulnerability in Amazon Opensearch and Opensearch Security
OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization.
network
low complexity
amazon CWE-203
5.3