Vulnerabilities > Information Exposure Through Discrepancy

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk score |
|---|---|---|---|---|---|---|---|---|
| 2024-07-02 | CVE-2024-39891 | Information Exposure Through Discrepancy vulnerability in Twilio Authy and Authy Authenticator | In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to certain phone-number data, as exploited in the wild in June 2024. | network | low | twilio | CWE-203 | 5.3 |
| 2024-07-01 | CVE-2024-36996 | Information Exposure Through Discrepancy vulnerability in Splunk and Splunk Cloud Platform | In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. | network | low | splunk | CWE-203 | 5.3 |
| 2024-06-28 | CVE-2024-38322 | Information Exposure Through Discrepancy vulnerability in IBM Storage Defender Resiliency Service | IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. | network | low | ibm | CWE-203 | 7.5 |
| 2024-06-18 | CVE-2024-6129 | Information Exposure Through Discrepancy vulnerability in Spa-Cart Spa-Cartcms 1.9.0.6 | A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. | network | high | spa-cart | CWE-203 | 3.7 |
| 2024-06-17 | CVE-2024-6056 | Information Exposure Through Discrepancy vulnerability in Nasirkhan Laravel Starter | A vulnerability was found in nasirkhan Laravel Starter up to 11.8.0. | network | low | nasirkhan | CWE-203 | 5.3 |
| 2024-06-16 | CVE-2024-38465 | Information Exposure Through Discrepancy vulnerability in Guoxinled Synthesis Image System | Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the response discrepancy of incorrect versus error. | network | low | guoxinled | CWE-203 | 5.3 |
| 2024-06-15 | CVE-2024-31870 | Information Exposure Through Discrepancy vulnerability in IBM I | IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. | local | low | ibm | CWE-203 | 3.3 |
| 2024-06-11 | CVE-2024-5690 | Information Exposure Through Discrepancy vulnerability in multiple products | By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. | network | low | mozilla, debian | CWE-203 | 4.3 |
| 2024-06-10 | CVE-2024-37880 | Information Exposure Through Discrepancy vulnerability in Pq-Crystals Kyber | The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. | network | low | pq-crystals | CWE-203 | 7.5 |
| 2024-06-09 | CVE-2024-2408 | Information Exposure Through Discrepancy vulnerability in multiple products | The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). | network | high | php, fedoraproject | CWE-203 | 5.9 |