Vulnerabilities > Information Exposure Through Discrepancy

DATE CVE VULNERABILITY TITLE RISK
2022-02-02 CVE-2021-39021 Information Exposure Through Discrepancy vulnerability in IBM Guardium Data Encryption 5.0.0.2
IBM Guardium Data Encryption (GDE) 5.0.0.2 behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which could facilitate username enumeration.
network
low complexity
ibm CWE-203
5.3
2022-01-31 CVE-2022-21659 Information Exposure Through Discrepancy vulnerability in Flask-Appbuilder Project Flask-Appbuilder
Flask-AppBuilder is an application development framework, built on top of the Flask web framework.
network
low complexity
flask-appbuilder-project CWE-203
5.3
2022-01-30 CVE-2022-24032 Information Exposure Through Discrepancy vulnerability in Adenza Axiomsl Controllerview
Adenza AxiomSL ControllerView through 10.8.1 is vulnerable to user enumeration.
network
low complexity
adenza CWE-203
5.3
2022-01-26 CVE-2019-25056 Information Exposure Through Discrepancy vulnerability in Bromite
In Bromite through 78.0.3904.130, there are adblock rules in the release APK; therefore, probing which resources are blocked and which aren't can identify the application version and defeat the User-Agent protection mechanism.
network
low complexity
bromite CWE-203
5.3
2022-01-17 CVE-2022-23303 Information Exposure Through Discrepancy vulnerability in multiple products
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns.
network
low complexity
w1-fi fedoraproject CWE-203
critical
9.8
2022-01-17 CVE-2022-23304 Information Exposure Through Discrepancy vulnerability in multiple products
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns.
network
low complexity
w1-fi fedoraproject CWE-203
critical
9.8
2022-01-12 CVE-2022-23106 Information Exposure Through Discrepancy vulnerability in Jenkins Configuration AS Code
Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant-time comparison function when validating an authentication token, allowing attackers to use statistical methods to obtain a valid authentication token.
network
low complexity
jenkins CWE-203
5.3
2022-01-03 CVE-2021-20147 Information Exposure Through Discrepancy vulnerability in Zohocorp Manageengine Adselfservice Plus
ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI.
network
low complexity
zohocorp CWE-203
5.3
2021-12-23 CVE-2020-35398 Information Exposure Through Discrepancy vulnerability in Utimf UTI Mutual Fund Invest Online
An issue was discovered in the UTI Mutual fund Android application 5.4.18 and prior that allows attackers to enumerate usernames by brute force, based on the error message returned after invalid credentials are attempted.
network
low complexity
utimf CWE-203
5.3
2021-12-23 CVE-2021-20049 Information Exposure Through Discrepancy vulnerability in Sonicwall products
A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses.
network
low complexity
sonicwall CWE-203
7.5