Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-09 | CVE-2021-26314 | Information Exposure Through Discrepancy vulnerability in multiple products Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage. | 5.5 |
| 2021-06-08 | CVE-2021-33560 | Information Exposure Through Discrepancy vulnerability in multiple products Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. | 7.5 |
| 2021-06-07 | CVE-2021-29621 | Information Exposure Through Discrepancy vulnerability in multiple products Flask-AppBuilder is a development framework, built on top of Flask. | 5.3 |
| 2021-06-06 | CVE-2021-33880 | Information Exposure Through Discrepancy vulnerability in multiple products The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with basic_auth_protocol_factory(credentials=...). | 5.9 |
| 2021-06-04 | CVE-2021-33838 | Information Exposure Through Discrepancy vulnerability in Luca-App Luca Luca through 1.7.4 on Android allows remote attackers to obtain sensitive information about COVID-19 tracking because requests related to Check-In State occur shortly after requests for Phone Number Registration. | 7.5 |
| 2021-05-27 | CVE-2021-22892 | Information Exposure Through Discrepancy vulnerability in Rocket.Chat An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 & v3.11.3 that allowed email addresses to be disclosed by enumeration and validation checks. | 7.5 |
| 2021-05-21 | CVE-2020-27211 | Information Exposure Through Discrepancy vulnerability in Nordicsemi Nrf52840 Firmware 20201019 Nordic Semiconductor nRF52840 devices through 2020-10-19 have improper protection against physical side channels. | 5.7 |
| 2021-05-21 | CVE-2021-29415 | Information Exposure Through Discrepancy vulnerability in Nordicsemi Nrf52840 Firmware 20201019/20210329 The elliptic curve cryptography (ECC) hardware accelerator, part of the ARM® TrustZone® CryptoCell 310, contained in the NordicSemiconductor nRF52840 through 2021-03-29 has a non-constant time ECDSA implemenation. | 5.5 |
| 2021-05-20 | CVE-2021-29687 | Information Exposure Through Discrepancy vulnerability in IBM Security Identity Manager 6.0.2 IBM Security Identity Manager 7.0.2 could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. | 5.3 |
| 2021-05-17 | CVE-2021-27342 | Information Exposure Through Discrepancy vulnerability in Dlink Dir-842E Firmware 3.0.2 An authentication brute-force protection mechanism bypass in telnetd in D-Link Router model DIR-842 firmware version 3.0.2 allows a remote attacker to circumvent the anti-brute-force cool-down delay period via a timing-based side-channel attack | 5.9 |