Vulnerabilities > Information Exposure Through Discrepancy

DATE CVE VULNERABILITY TITLE RISK
2023-03-01 CVE-2022-39228 Information Exposure Through Discrepancy vulnerability in Vantage6
vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange.
network
low complexity
vantage6 CWE-203
6.5
2023-02-16 CVE-2020-12413 Information Exposure Through Discrepancy vulnerability in Mozilla Firefox
The Raccoon attack is a timing attack on DHE ciphersuites inherit in the TLS specification.
network
high complexity
mozilla CWE-203
5.9
2023-02-15 CVE-2023-0361 Information Exposure Through Discrepancy vulnerability in multiple products
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS.
network
high complexity
gnu redhat debian fedoraproject netapp CWE-203
7.4
2023-02-08 CVE-2022-4304 Information Exposure Through Discrepancy vulnerability in multiple products
A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack.
network
high complexity
openssl stormshield CWE-203
5.9
2023-01-13 CVE-2022-3143 Information Exposure Through Discrepancy vulnerability in Redhat products
wildfly-elytron: possible timing attacks via use of unsafe comparator.
network
high complexity
redhat CWE-203
7.4
2023-01-13 CVE-2022-42288 Information Exposure Through Discrepancy vulnerability in Nvidia DGX A100 Firmware
NVIDIA BMC contains a vulnerability in IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid BMC username, which may lead to an information disclosure.
network
low complexity
nvidia CWE-203
5.3
2023-01-11 CVE-2022-4499 Information Exposure Through Discrepancy vulnerability in Tp-Link Archer C5 Firmware and Tl-Wr710N Firmware
TP-Link routers, Archer C5 and WR710N-V1, using the latest software, the strcmp function used for checking credentials in httpd, is susceptible to a side-channel attack.
network
low complexity
tp-link CWE-203
7.5
2023-01-11 CVE-2022-4543 Information Exposure Through Discrepancy vulnerability in Linux Kernel
A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI).
local
low complexity
linux CWE-203
5.5
2023-01-10 CVE-2022-30332 Information Exposure Through Discrepancy vulnerability in Talend Administration Center 7.3.1
In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account.
network
low complexity
talend CWE-203
5.3
2023-01-10 CVE-2022-48251 Information Exposure Through Discrepancy vulnerability in ARM products
The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks.
network
low complexity
arm CWE-203
7.5