Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-24 | CVE-2021-45925 | Information Exposure Through Discrepancy vulnerability in Lannerinc Iac-Ast2500A Firmware 1.10.0 Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. | 5.3 |
| 2022-10-20 | CVE-2022-40084 | Information Exposure Through Discrepancy vulnerability in Opencrx OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid. | 5.3 |
| 2022-10-19 | CVE-2022-43411 | Information Exposure Through Discrepancy vulnerability in Jenkins Gitlab Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | 5.3 |
| 2022-10-19 | CVE-2022-43412 | Information Exposure Through Discrepancy vulnerability in Jenkins Generic Webhook Trigger Jenkins Generic Webhook Trigger Plugin 1.84.1 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token. | 5.3 |
| 2022-10-11 | CVE-2021-36201 | Information Exposure Through Discrepancy vulnerability in Johnsoncontrols C-Cure 9000 Firmware 2.70/2.80/2.90 Under certain circumstances a CCURE Portal user could enumerate user accounts in CCURE 9000 version 2.90 and prior versions. | 5.3 |
| 2022-10-10 | CVE-2022-2891 | Information Exposure Through Discrepancy vulnerability in Wpwhitesecurity WP 2FA The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared. | 5.9 |
| 2022-10-06 | CVE-2022-40895 | Information Exposure Through Discrepancy vulnerability in Nedi 1.0.7 In certain Nedi products, a vulnerability in the web UI of NeDi login & Community login could allow an unauthenticated, remote attacker to affect the integrity of a device via a User Enumeration vulnerability. | 9.1 |
| 2022-09-29 | CVE-2022-35888 | Information Exposure Through Discrepancy vulnerability in Amperecomputing products Ampere Altra and Ampere Altra Max devices through 2022-07-15 allow attacks via Hertzbleed, which is a power side-channel attack that extracts secret information from the CPU by correlating the power consumption with data being processed on the system. | 6.5 |
| 2022-09-23 | CVE-2022-32218 | Information Exposure Through Discrepancy vulnerability in Rocket.Chat An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries. | 4.3 |
| 2022-09-08 | CVE-2022-37146 | Information Exposure Through Discrepancy vulnerability in Plextrac The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. | 5.3 |