Vulnerabilities > Information Exposure Through Discrepancy

DATE CVE VULNERABILITY TITLE RISK
2021-08-02 CVE-2021-34556 Information Exposure Through Discrepancy vulnerability in multiple products
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack.
local
low complexity
linux fedoraproject CWE-203
2.1
2021-08-02 CVE-2021-35477 Information Exposure Through Discrepancy vulnerability in multiple products
In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.
local
low complexity
linux fedoraproject CWE-203
2.1
2021-07-30 CVE-2021-20113 Information Exposure Through Discrepancy vulnerability in Tecnick Tcexam
An exposure of sensitive information vulnerability exists in TCExam <= 14.8.1.
network
low complexity
tecnick CWE-203
5.0
2021-07-19 CVE-2020-36421 Information Exposure Through Discrepancy vulnerability in ARM Mbed TLS
An issue was discovered in Arm Mbed TLS before 2.23.0.
network
low complexity
arm CWE-203
5.0
2021-07-19 CVE-2020-36422 Information Exposure Through Discrepancy vulnerability in ARM Mbed TLS
An issue was discovered in Arm Mbed TLS before 2.23.0.
network
low complexity
arm CWE-203
5.0
2021-07-19 CVE-2020-36424 Information Exposure Through Discrepancy vulnerability in ARM Mbed TLS
An issue was discovered in Arm Mbed TLS before 2.24.0.
local
arm CWE-203
1.9
2021-07-14 CVE-2021-24117 Information Exposure Through Discrepancy vulnerability in SGX Tstd Project SGX Tstd 1.1.3
In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
network
low complexity
sgx-tstd-project CWE-203
4.0
2021-07-14 CVE-2021-24116 Information Exposure Through Discrepancy vulnerability in Wolfssl
In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
network
low complexity
wolfssl CWE-203
4.0
2021-07-14 CVE-2021-24119 Information Exposure Through Discrepancy vulnerability in multiple products
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
network
low complexity
arm fedoraproject CWE-203
4.0
2021-06-23 CVE-2021-33624 Information Exposure Through Discrepancy vulnerability in Linux Kernel
In kernel/bpf/verifier.c in the Linux kernel before 5.12.13, a branch can be mispredicted (e.g., because of type confusion) and consequently an unprivileged BPF program can read arbitrary memory locations via a side-channel attack, aka CID-9183671af6db.
local
linux CWE-203
4.7