Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-10 | CVE-2022-2891 | Information Exposure Through Discrepancy vulnerability in Wpwhitesecurity WP 2FA The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared. | 5.9 |
| 2022-10-06 | CVE-2022-40895 | Information Exposure Through Discrepancy vulnerability in Nedi 1.0.7 In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. | 9.1 |
| 2022-09-29 | CVE-2022-35888 | Information Exposure Through Discrepancy vulnerability in Amperecomputing products Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system. | 6.5 |
| 2022-09-23 | CVE-2022-32218 | Information Exposure Through Discrepancy vulnerability in Rocket.Chat An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries. | 4.3 |
| 2022-09-08 | CVE-2022-37146 | Information Exposure Through Discrepancy vulnerability in Plextrac The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. | 5.3 |
| 2022-08-12 | CVE-2022-2612 | Information Exposure Through Discrepancy vulnerability in multiple products Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
| 2022-08-12 | CVE-2022-20275 | Information Exposure Through Discrepancy vulnerability in Google Android 13.0 In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
| 2022-08-12 | CVE-2022-20276 | Information Exposure Through Discrepancy vulnerability in Google Android 13.0 In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
| 2022-08-12 | CVE-2022-20277 | Information Exposure Through Discrepancy vulnerability in Google Android 13.0 In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
| 2022-08-12 | CVE-2022-20279 | Information Exposure Through Discrepancy vulnerability in Google Android 13.0 In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |