Vulnerabilities > Information Exposure Through Discrepancy
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-19 | CVE-2022-43411 | Information Exposure Through Discrepancy vulnerability in Jenkins Gitlab: Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | 5.3 |
2022-10-19 | CVE-2022-43412 | Information Exposure Through Discrepancy vulnerability in Jenkins Generic Webhook Trigger: Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | 5.3 |
2022-10-11 | CVE-2021-36201 | Information Exposure Through Discrepancy vulnerability in Johnsoncontrols C-Cure 9000 Firmware 2.70/2.80/2.90: Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and prior versions. | 5.3 |
2022-10-10 | CVE-2022-2891 | Information Exposure Through Discrepancy vulnerability in Wpwhitesecurity WP 2FA: The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared. | 5.9 |
2022-10-06 | CVE-2022-40895 | Information Exposure Through Discrepancy vulnerability in Nedi 1.0.7: In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. | 9.1 |
2022-09-29 | CVE-2022-35888 | Information Exposure Through Discrepancy vulnerability in Amperecomputing products: Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system. | 6.5 |
2022-09-23 | CVE-2022-32218 | Information Exposure Through Discrepancy vulnerability in Rocket.Chat: An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 because the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries. | 4.3 |
2022-09-08 | CVE-2022-37146 | Information Exposure Through Discrepancy vulnerability in Plextrac: The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. | 5.3 |
2022-08-23 | CVE-2022-1989 | Information Exposure Through Discrepancy vulnerability in Codesys Visualization 4.0.0.0: All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users. | 5.3 |
2022-08-17 | CVE-2022-37459 | Information Exposure Through Discrepancy vulnerability in Amperecomputing Ampere Altra Firmware and Ampere Altra MAX Firmware: Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue. | 7.8 |