Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-22 | CVE-2022-45416 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. | 6.5 |
| 2022-12-16 | CVE-2022-20535 | Information Exposure Through Discrepancy vulnerability in Google Android 13.0 In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 3.3 |
| 2022-12-16 | CVE-2022-20538 | Information Exposure Through Discrepancy vulnerability in Google Android 13.0 In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
| 2022-12-16 | CVE-2022-20559 | Information Exposure Through Discrepancy vulnerability in Google Android 13.0 In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 3.3 |
| 2022-12-15 | CVE-2022-46392 | Information Exposure Through Discrepancy vulnerability in multiple products An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. | 5.3 |
| 2022-12-05 | CVE-2022-3907 | Information Exposure Through Discrepancy vulnerability in Clerk Clerk.Io The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options. | 7.5 |
| 2022-11-21 | CVE-2022-4087 | Information Exposure Through Discrepancy vulnerability in Ipxe A vulnerability was found in iPXE. | 4.3 |
| 2022-11-18 | CVE-2022-45163 | Information Exposure Through Discrepancy vulnerability in NXP products An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. | 4.6 |
| 2022-11-16 | CVE-2022-41914 | Information Exposure Through Discrepancy vulnerability in Zulip Server Zulip is an open-source team collaboration tool. | 3.7 |
| 2022-11-15 | CVE-2022-20940 | Information Exposure Through Discrepancy vulnerability in Cisco Firepower Threat Defense A vulnerability in the TLS handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses SSL decryption policies. | 5.3 |