Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-02 | CVE-2021-37848 | Information Exposure Through Discrepancy vulnerability in Pengutronix Barebox common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison. | 7.5 |
| 2021-08-02 | CVE-2021-34575 | Information Exposure Through Discrepancy vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24 In MB connect line mymbCONNECT24, mbCONNECT24 in versions <= 2.8.0 an unauthenticated user can enumerate valid users by checking what kind of response the server sends. | 7.5 |
| 2021-08-02 | CVE-2021-34556 | Information Exposure Through Discrepancy vulnerability in multiple products In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. | 5.5 |
| 2021-08-02 | CVE-2021-35477 | Information Exposure Through Discrepancy vulnerability in multiple products In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value. | 5.5 |
| 2021-07-30 | CVE-2021-20113 | Information Exposure Through Discrepancy vulnerability in Tecnick Tcexam An exposure of sensitive information vulnerability exists in TCExam <= 14.8.1. | 5.3 |
| 2021-07-30 | CVE-2021-37606 | Information Exposure Through Discrepancy vulnerability in Meow Hash Project Meow Hash 0.5 Meow hash 0.5/calico does not sufficiently thwart key recovery by an attacker who can query whether there's a collision in the bottom bits of the hashes of two messages, as demonstrated by an attack against a long-running web service that allows the attacker to infer collisions by measuring timing differences. | 5.3 |
| 2021-07-19 | CVE-2020-36421 | Information Exposure Through Discrepancy vulnerability in multiple products An issue was discovered in Arm Mbed TLS before 2.23.0. | 5.3 |
| 2021-07-19 | CVE-2020-36422 | Information Exposure Through Discrepancy vulnerability in multiple products An issue was discovered in Arm Mbed TLS before 2.23.0. | 5.3 |
| 2021-07-19 | CVE-2020-36424 | Information Exposure Through Discrepancy vulnerability in multiple products An issue was discovered in Arm Mbed TLS before 2.24.0. | 4.7 |
| 2021-07-14 | CVE-2021-24117 | Information Exposure Through Discrepancy vulnerability in Apache Teaclave SGX SDK 1.1.3 In Apache Teaclave Rust SGX SDK 1.1.3, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. | 4.9 |