Vulnerabilities > Information Exposure Through Discrepancy

DATE CVE VULNERABILITY TITLE RISK
2022-12-16 CVE-2022-20538 Information Exposure Through Discrepancy vulnerability in Google Android 13.0
In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.
local
low complexity
google CWE-203
5.5
2022-12-16 CVE-2022-20559 Information Exposure Through Discrepancy vulnerability in Google Android 13.0
In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.
local
low complexity
google CWE-203
3.3
2022-12-15 CVE-2022-46392 Information Exposure Through Discrepancy vulnerability in multiple products
An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0.
network
high complexity
arm fedoraproject CWE-203
5.3
2022-12-05 CVE-2022-3907 Information Exposure Through Discrepancy vulnerability in Clerk Clerk.Io
The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options.
network
low complexity
clerk CWE-203
7.5
2022-11-21 CVE-2022-4087 Information Exposure Through Discrepancy vulnerability in Ipxe
A vulnerability was found in iPXE.
network
low complexity
ipxe CWE-203
4.3
2022-11-18 CVE-2022-45163 Information Exposure Through Discrepancy vulnerability in NXP products
An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid.
low complexity
nxp CWE-203
4.6
2022-11-16 CVE-2022-41914 Information Exposure Through Discrepancy vulnerability in Zulip Server
Zulip is an open-source team collaboration tool.
network
high complexity
zulip CWE-203
3.7
2022-11-15 CVE-2022-20940 Information Exposure Through Discrepancy vulnerability in Cisco Firepower Threat Defense
A vulnerability in the TLS handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses SSL decryption policies.
network
low complexity
cisco CWE-203
5.3
2022-10-24 CVE-2021-45925 Information Exposure Through Discrepancy vulnerability in Lannerinc Iac-Ast2500A Firmware 1.10.0
Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC.
network
low complexity
lannerinc CWE-203
5.3
2022-10-20 CVE-2022-40084 Information Exposure Through Discrepancy vulnerability in Opencrx
OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid.
network
low complexity
opencrx CWE-203
5.3