Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-17 | CVE-2022-23303 | Information Exposure Through Discrepancy vulnerability in multiple products The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. | 9.8 |
| 2022-01-17 | CVE-2022-23304 | Information Exposure Through Discrepancy vulnerability in multiple products The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. | 9.8 |
| 2022-01-12 | CVE-2022-23106 | Information Exposure Through Discrepancy vulnerability in Jenkins Configuration AS Code Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token. | 5.3 |
| 2022-01-10 | CVE-2022-22120 | Information Exposure Through Discrepancy vulnerability in Xgenecloud Nocodb In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature. | 5.3 |
| 2022-01-03 | CVE-2021-20147 | Information Exposure Through Discrepancy vulnerability in Zohocorp Manageengine Adselfservice Plus ManageEngine ADSelfService Plus below build 6116 contains an observable response discrepancy in the UMCP operation of the ChangePasswordAPI. | 5.3 |
| 2021-12-23 | CVE-2020-35398 | Information Exposure Through Discrepancy vulnerability in Utimf UTI Mutual Fund Invest Online An issue was discovered in UTI Mutual fund Android application 5.4.18 and prior, allows attackers to brute force enumeration of usernames determined by the error message returned after invalid credentials are attempted. | 5.3 |
| 2021-12-23 | CVE-2021-20049 | Information Exposure Through Discrepancy vulnerability in Sonicwall products A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. | 7.5 |
| 2021-12-23 | CVE-2021-38009 | Information Exposure Through Discrepancy vulnerability in multiple products Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
| 2021-12-21 | CVE-2021-44875 | Information Exposure Through Discrepancy vulnerability in Dalmark Systeam Enterprise Resource Planning 2.22.8 Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. | 5.3 |
| 2021-12-21 | CVE-2021-44876 | Information Exposure Through Discrepancy vulnerability in Dalmark Systeam Enterprise Resource Planning 2.22.8 Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to User enumeration. | 5.3 |