Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-05 | CVE-2022-3907 | Information Exposure Through Discrepancy vulnerability in Clerk Clerk.Io The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options. | 7.5 |
| 2022-11-21 | CVE-2022-4087 | Information Exposure Through Discrepancy vulnerability in Ipxe A vulnerability was found in iPXE. | 4.3 |
| 2022-11-18 | CVE-2022-45163 | Information Exposure Through Discrepancy vulnerability in NXP products An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. | 4.6 |
| 2022-11-16 | CVE-2022-41914 | Information Exposure Through Discrepancy vulnerability in Zulip Server Zulip is an open-source team collaboration tool. | 3.7 |
| 2022-11-15 | CVE-2022-20940 | Information Exposure Through Discrepancy vulnerability in Cisco Firepower Threat Defense A vulnerability in the TLS handler of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability is due to improper implementation of countermeasures against a Bleichenbacher attack on a device that uses SSL decryption policies. | 5.3 |
| 2022-10-24 | CVE-2021-45925 | Information Exposure Through Discrepancy vulnerability in Lannerinc Iac-Ast2500A Firmware 1.10.0 Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. | 5.3 |
| 2022-10-20 | CVE-2022-40084 | Information Exposure Through Discrepancy vulnerability in Opencrx OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid. | 5.3 |
| 2022-10-19 | CVE-2022-43411 | Information Exposure Through Discrepancy vulnerability in Jenkins Gitlab Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | 5.3 |
| 2022-10-19 | CVE-2022-43412 | Information Exposure Through Discrepancy vulnerability in Jenkins Generic Webhook Trigger Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | 5.3 |
| 2022-10-11 | CVE-2021-36201 | Information Exposure Through Discrepancy vulnerability in Johnsoncontrols C-Cure 9000 Firmware 2.70/2.80/2.90 Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and prior versions. | 5.3 |