Vulnerabilities > Information Exposure Through Discrepancy

DATE CVE VULNERABILITY TITLE RISK
2022-08-10 CVE-2022-20866 Information Exposure Through Discrepancy vulnerability in Cisco products
A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key.
network
low complexity
cisco CWE-203
7.5
2022-07-29 CVE-2022-24912 Information Exposure Through Discrepancy vulnerability in Runatlantis Atlantis
The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 are vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret.
network
low complexity
runatlantis CWE-203
7.5
2022-07-27 CVE-2022-36885 Information Exposure Through Discrepancy vulnerability in Jenkins Github
Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature.
network
low complexity
jenkins CWE-203
5.3
2022-07-23 CVE-2022-1139 Information Exposure Through Discrepancy vulnerability in Google Chrome
Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google CWE-203
6.5
2022-07-23 CVE-2022-1146 Information Exposure Through Discrepancy vulnerability in Google Chrome
Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google CWE-203
6.5
2022-07-14 CVE-2022-32425 Information Exposure Through Discrepancy vulnerability in Mealie 1.0.0
The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by timing the server's response time.
network
low complexity
mealie CWE-203
5.3
2022-07-14 CVE-2022-31142 Information Exposure Through Discrepancy vulnerability in Fastify Bearer-Auth
@fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers.
network
low complexity
fastify CWE-203
7.5
2022-07-06 CVE-2022-20752 Information Exposure Through Discrepancy vulnerability in Cisco Unified Communications Manager and Unity Connection
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack.
network
low complexity
cisco CWE-203
5.3
2022-06-24 CVE-2021-41634 Information Exposure Through Discrepancy vulnerability in Melag FTP Server 2.2.0.4
A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid FTP usernames.
network
low complexity
melag CWE-203
5.3
2022-06-23 CVE-2022-34174 Information Exposure Through Discrepancy vulnerability in Jenkins
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm.
network
low complexity
jenkins CWE-203
7.5