Vulnerabilities > Information Exposure Through Discrepancy
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-02 | CVE-2024-39891 | Information Exposure Through Discrepancy vulnerability in Twilio Authy and Authy Authenticator: In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. | 5.3 |
2024-07-01 | CVE-2024-36996 | Information Exposure Through Discrepancy vulnerability in Splunk and Splunk Cloud Platform: In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. | 5.3 |
2024-06-28 | CVE-2024-38322 | Information Exposure Through Discrepancy vulnerability in IBM Storage Defender Resiliency Service: IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. | 7.5 |
2024-06-18 | CVE-2024-6129 | Information Exposure Through Discrepancy vulnerability in Spa-Cart Spa-Cartcms 1.9.0.6: A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. | 3.7 |
2024-06-17 | CVE-2024-6056 | Information Exposure Through Discrepancy vulnerability in Nasirkhan Laravel Starter: A vulnerability was found in nasirkhan Laravel Starter up to 11.8.0. | 5.3 |
2024-06-16 | CVE-2024-38465 | Information Exposure Through Discrepancy vulnerability in Guoxinled Synthesis Image System: Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the response discrepancy of incorrect versus error. | 5.3 |
2024-06-15 | CVE-2024-31870 | Information Exposure Through Discrepancy vulnerability in IBM i: IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. | 3.3 |
2024-06-11 | CVE-2024-5690 | Information Exposure Through Discrepancy vulnerability in multiple products: By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. | 4.3 |
2024-06-10 | CVE-2024-37880 | Information Exposure Through Discrepancy vulnerability in Pq-Crystals Kyber: The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. | 7.5 |
2024-06-09 | CVE-2024-2408 | Information Exposure Through Discrepancy vulnerability in multiple products: The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). | 5.9 |