Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-23 | CVE-2021-31406 | Information Exposure Through Discrepancy vulnerability in Vaadin Flow and Vaadin Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 (Vaadin 15.0.0 through 18.0.6), and com.vaadin:fusion-endpoint version 6.0.0 (Vaadin 19.0.0) allows attacker to guess a security token for Fusion endpoints via timing attack. | 1.9 |
| 2021-04-16 | CVE-2021-29446 | Information Exposure Through Discrepancy vulnerability in Jose-Node-Cjs-Runtime Project Jose-Node-Cjs-Runtime jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. | 5.9 |
| 2021-04-16 | CVE-2021-29445 | Information Exposure Through Discrepancy vulnerability in Jose-Node-Cjs-Runtime Project Jose-Node-Cjs-Runtime jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. | 5.9 |
| 2021-04-16 | CVE-2021-29444 | Information Exposure Through Discrepancy vulnerability in Jose-Node-Cjs-Runtime Project Jose-Node-Cjs-Runtime jose-browser-runtime is an npm package which provides a number of cryptographic functions. | 5.9 |
| 2021-04-16 | CVE-2021-29443 | Information Exposure Through Discrepancy vulnerability in Jose Project Jose jose is an npm library providing a number of cryptographic operations. | 4.3 |
| 2021-03-26 | CVE-2020-35518 | Information Exposure Through Discrepancy vulnerability in Redhat 389 Directory Server When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not. | 5.0 |
| 2021-03-20 | CVE-2020-27170 | Information Exposure Through Discrepancy vulnerability in multiple products An issue was discovered in the Linux kernel before 5.11.8. | 4.7 |
| 2021-03-16 | CVE-2020-1926 | Information Exposure Through Discrepancy vulnerability in Apache Hive Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks. | 4.3 |
| 2021-03-09 | CVE-2021-21181 | Information Exposure Through Discrepancy vulnerability in multiple products Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
| 2021-03-09 | CVE-2021-21173 | Information Exposure Through Discrepancy vulnerability in multiple products Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |