Vulnerabilities > Information Exposure Through Discrepancy
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-03 | CVE-2024-45678 | Information Exposure Through Discrepancy vulnerability in Yubico products. Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment) in which an electromagnetic side channel is present because of a non-constant-time modular inversion for the Extended Euclidean Algorithm, aka the EUCLEAK issue. | 4.2 |
2024-08-29 | CVE-2024-1543 | Information Exposure Through Discrepancy vulnerability in Wolfssl. The side-channel protected T-Table implementation in wolfSSL up to version 5.6.5 protects against a side-channel attacker with cache-line resolution. | 5.5 |
2024-07-31 | CVE-2024-41952 | Information Exposure Through Discrepancy vulnerability in Zitadel. Zitadel is an open source identity management system. | 5.3 |
2024-07-30 | CVE-2024-38431 | Information Exposure Through Discrepancy vulnerability in Matrix-Globalservices Tafnit. Matrix Tafnit v8 - CWE-204: Observable Response Discrepancy | 7.5 |
2024-07-03 | CVE-2024-39830 | Information Exposure Through Discrepancy vulnerability in Mattermost. Mattermost versions 9.8.x <= 9.8.0, 9.7.x <= 9.7.4, 9.6.x <= 9.6.2 and 9.5.x <= 9.5.5, when shared channels are enabled, fail to use constant time comparison for remote cluster tokens which allows an attacker to retrieve the remote cluster token via a timing attack during remote cluster token comparison. | 5.9 |
2024-07-02 | CVE-2024-39891 | Information Exposure Through Discrepancy vulnerability in Twilio Authy and Authy Authenticator. In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. | 5.3 |
2024-07-01 | CVE-2024-36996 | Information Exposure Through Discrepancy vulnerability in Splunk and Splunk Cloud Platform. In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. | 5.3 |
2024-06-28 | CVE-2024-38322 | Information Exposure Through Discrepancy vulnerability in IBM Storage Defender Resiliency Service. IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. | 7.5 |
2024-06-20 | CVE-2022-48730 | Information Exposure Through Discrepancy vulnerability in Linux Kernel. In the Linux kernel, the following vulnerability has been resolved: dma-buf: heaps: Fix potential spectre v1 gadget. It appears like nr could be a Spectre v1 gadget as it's supplied by a user and used as an array index. | 5.5 |
2024-06-18 | CVE-2024-6129 | Information Exposure Through Discrepancy vulnerability in Spa-Cart Spa-Cartcms 1.9.0.6. A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. | 3.7 |