Vulnerabilities > Information Exposure Through Discrepancy
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-13 | CVE-2021-43823 | Information Exposure Through Discrepancy vulnerability in Sourcegraph Sourcegraph is a code search and navigation engine. | 4.0 |
2021-12-13 | CVE-2021-44848 | Information Exposure Through Discrepancy vulnerability in Cybelesoft Thinfinity Virtualui In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists. | 5.0 |
2021-11-12 | CVE-2021-1924 | Information Exposure Through Discrepancy vulnerability in Qualcomm products Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2.1 |
2021-11-04 | CVE-2021-43398 | Information Exposure Through Discrepancy vulnerability in Cryptopp Crypto++ Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). | 5.3 |
2021-10-27 | CVE-2021-34580 | Information Exposure Through Discrepancy vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24 In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts. | 5.0 |
2021-10-19 | CVE-2021-38476 | Information Exposure Through Discrepancy vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870 InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. | 5.0 |
2021-10-18 | CVE-2021-38562 | Information Exposure Through Discrepancy vulnerability in multiple products Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm. | 7.5 |
2021-10-13 | CVE-2021-26318 | Information Exposure Through Discrepancy vulnerability in AMD products A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information. | 1.9 |
2021-10-11 | CVE-2021-24651 | Information Exposure Through Discrepancy vulnerability in Ays-Pro Poll Maker The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. | 7.5 |
2021-10-08 | CVE-2021-37968 | Information Exposure Through Discrepancy vulnerability in multiple products Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 4.3 |