Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-11 | CVE-2022-20251 | Information Exposure Through Discrepancy vulnerability in Google Android 13.0.0 In LocaleManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 3.3 |
| 2022-08-11 | CVE-2022-20252 | Information Exposure Through Discrepancy vulnerability in Google Android 13.0.0 In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 3.3 |
| 2022-08-10 | CVE-2021-46778 | Information Exposure Through Discrepancy vulnerability in AMD products Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). | 5.6 |
| 2022-08-10 | CVE-2022-20866 | Information Exposure Through Discrepancy vulnerability in Cisco products A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key. | 7.5 |
| 2022-08-09 | CVE-2022-34704 | Information Exposure Through Discrepancy vulnerability in Microsoft products Windows Defender Credential Guard Information Disclosure Vulnerability | 4.7 |
| 2022-07-29 | CVE-2022-24912 | Information Exposure Through Discrepancy vulnerability in Runatlantis Atlantis The package github.com/runatlantis/atlantis/server/controllers/events before 0.19.7 are vulnerable to Timing Attack in the webhook event validator code, which does not use a constant-time comparison function to validate the webhook secret. | 7.5 |
| 2022-07-27 | CVE-2022-36885 | Information Exposure Through Discrepancy vulnerability in Jenkins Github Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature. | 5.3 |
| 2022-07-23 | CVE-2022-1139 | Information Exposure Through Discrepancy vulnerability in Google Chrome Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
| 2022-07-23 | CVE-2022-1146 | Information Exposure Through Discrepancy vulnerability in Google Chrome Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
| 2022-07-14 | CVE-2022-32425 | Information Exposure Through Discrepancy vulnerability in Mealie 1.0.0 The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by timing the server's response time. | 5.3 |