Vulnerabilities > Information Exposure Through Discrepancy
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-16 | CVE-2022-20538 | Information Exposure Through Discrepancy vulnerability in Google Android 13.0 In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
2022-12-16 | CVE-2022-20559 | Information Exposure Through Discrepancy vulnerability in Google Android 13.0 In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 3.3 |
2022-12-15 | CVE-2022-46392 | Information Exposure Through Discrepancy vulnerability in multiple products An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. | 5.3 |
2022-12-05 | CVE-2022-3907 | Information Exposure Through Discrepancy vulnerability in Clerk Clerk.Io The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options. | 7.5 |
2022-11-21 | CVE-2022-4087 | Information Exposure Through Discrepancy vulnerability in Ipxe A vulnerability was found in iPXE. | 4.3 |
2022-11-18 | CVE-2022-45163 | Information Exposure Through Discrepancy vulnerability in NXP products An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. | 4.6 |
2022-11-16 | CVE-2022-41914 | Information Exposure Through Discrepancy vulnerability in Zulip Server Zulip is an open-source team collaboration tool. | 3.7 |
2022-11-15 | CVE-2022-20940 | Information Exposure Through Discrepancy vulnerability in Cisco Firepower Threat Defense A vulnerability in the TLS handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses SSL decryption policies. | 5.3 |
2022-10-24 | CVE-2021-45925 | Information Exposure Through Discrepancy vulnerability in Lannerinc Iac-Ast2500A Firmware 1.10.0 Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. | 5.3 |
2022-10-20 | CVE-2022-40084 | Information Exposure Through Discrepancy vulnerability in Opencrx OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid. | 5.3 |