Vulnerabilities > Information Exposure Through Discrepancy

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-12-13 | CVE-2021-44848 | Information Exposure Through Discrepancy vulnerability in Cybelesoft Thinfinity Virtualui | In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for invalid authentication requests depending on whether the username exists. | network | low | cybelesoft | CWE-203 | 5.3 |
| 2021-11-12 | CVE-2021-1924 | Information Exposure Through Discrepancy vulnerability in Qualcomm products | Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | local | low | qualcomm | CWE-203 | 5.5 |
| 2021-11-04 | CVE-2021-43398 | Information Exposure Through Discrepancy vulnerability in Cryptopp Crypto++ | Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). | network | low | cryptopp | CWE-203 | 5.3 |
| 2021-10-27 | CVE-2021-34580 | Information Exposure Through Discrepancy vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24 | In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts. | network | low | mbconnectline | CWE-203 | 7.5 |
| 2021-10-19 | CVE-2021-38476 | Information Exposure Through Discrepancy vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870 | InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. | network | low | inhandnetworks | CWE-203 | 5.3 |
| 2021-10-18 | CVE-2021-38562 | Information Exposure Through Discrepancy vulnerability in multiple products | Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm. | network | low | bestpractical fedoraproject debian | CWE-203 | 7.5 |
| 2021-10-13 | CVE-2021-26318 | Information Exposure Through Discrepancy vulnerability in AMD products | A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information. | local | high | amd | CWE-203 | 4.7 |
| 2021-10-08 | CVE-2021-37968 | Information Exposure Through Discrepancy vulnerability in multiple products | Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | network | low | google fedoraproject debian | CWE-203 | 4.3 |
| 2021-10-07 | CVE-2021-20376 | Information Exposure Through Discrepancy vulnerability in IBM Sterling B2B Integrator | IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. | network | low | ibm | CWE-203 | 4.3 |
| 2021-09-22 | CVE-2021-38153 | Information Exposure Through Discrepancy vulnerability in multiple products | Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. | network | high | apache quarkus oracle | CWE-203 | 5.9 |