Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-04 | CVE-2021-43398 | Information Exposure Through Discrepancy vulnerability in Cryptopp Crypto++ Crypto++ (aka Cryptopp) 8.6.0 and earlier contains a timing leakage in MakePublicKey(). | 5.3 |
| 2021-10-27 | CVE-2021-34580 | Information Exposure Through Discrepancy vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24 In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts. | 7.5 |
| 2021-10-19 | CVE-2021-38476 | Information Exposure Through Discrepancy vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870 InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. | 5.3 |
| 2021-10-18 | CVE-2021-38562 | Information Exposure Through Discrepancy vulnerability in multiple products Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm. | 7.5 |
| 2021-10-13 | CVE-2021-26318 | Information Exposure Through Discrepancy vulnerability in AMD products A timing and power-based side channel attack leveraging the x86 PREFETCH instructions on some AMD CPUs could potentially result in leaked kernel address space information. | 4.7 |
| 2021-10-11 | CVE-2021-24651 | Information Exposure Through Discrepancy vulnerability in Ays-Pro Poll Maker The Poll Maker WordPress plugin before 3.4.2 allows unauthenticated users to perform SQL injection via the ays_finish_poll AJAX action. | 7.5 |
| 2021-10-08 | CVE-2021-37968 | Information Exposure Through Discrepancy vulnerability in multiple products Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 4.3 |
| 2021-10-07 | CVE-2021-20376 | Information Exposure Through Discrepancy vulnerability in IBM Sterling B2B Integrator IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated attacker to enumerate usernames due to there being an observable discrepancy in returned messages. | 4.3 |
| 2021-09-22 | CVE-2021-38153 | Information Exposure Through Discrepancy vulnerability in multiple products Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. | 5.9 |
| 2021-09-16 | CVE-2021-34576 | Information Exposure Through Discrepancy vulnerability in Kadenvodomery Picoflux AIR Firmware In Kaden PICOFLUX Air in all known versions an information exposure through observable discrepancy exists. | 4.3 |