Vulnerabilities > Information Exposure Through Discrepancy
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-04-21 | CVE-2023-26556 | Information Exposure Through Discrepancy vulnerability in Iofinnet Tss-Lib | io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time (there is an if statement in a loop). | 9.1 |
2023-04-21 | CVE-2023-26557 | Information Exposure Through Discrepancy vulnerability in Iofinnet Tss-Lib | io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation, or modular inverse. | 7.5 |
2023-04-21 | CVE-2023-1998 | Information Exposure Through Discrepancy vulnerability in multiple products | The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. | 5.6 |
2023-04-11 | CVE-2023-27464 | Information Exposure Through Discrepancy vulnerability in Mendix Forgot Password | A vulnerability has been identified in Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.1), Mendix Forgot Password (Mendix 8 compatible) (All versions < V4.1.1), Mendix Forgot Password (Mendix 9 compatible) (All versions < V5.1.1). | 5.3 |
2023-03-30 | CVE-2023-25000 | Information Exposure Through Discrepancy vulnerability in Hashicorp Vault | HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. | 4.7 |
2023-03-28 | CVE-2023-26071 | Information Exposure Through Discrepancy vulnerability in Harpaitalia Mcuboict 10.12.4 | An issue was discovered in MCUBO ICT through 10.12.4 (aka 6.0.2). | 7.5 |
2023-03-27 | CVE-2022-41354 | Information Exposure Through Discrepancy vulnerability in Linuxfoundation Argo-Cd | An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications. | 4.3 |
2023-03-21 | CVE-2023-1538 | Information Exposure Through Discrepancy vulnerability in Answer | Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6. | 5.3 |
2023-03-21 | CVE-2023-1540 | Information Exposure Through Discrepancy vulnerability in Answer | Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6. | 5.3 |
2023-03-02 | CVE-2023-25806 | Information Exposure Through Discrepancy vulnerability in Amazon Opensearch and Opensearch Security | OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. | 5.3 |