Vulnerabilities > Information Exposure Through Discrepancy

DATE CVE VULNERABILITY TITLE RISK
2021-04-28 CVE-2021-31866 Information Exposure Through Discrepancy vulnerability in multiple products
Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController.
network
low complexity
redmine debian CWE-203
5.3
2021-04-23 CVE-2021-31403 Information Exposure Through Discrepancy vulnerability in Vaadin
Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:vaadin-server versions 7.0.0 through 7.7.23 (Vaadin 7.0.0 through 7.7.23), and 8.0.0 through 8.12.2 (Vaadin 8.0.0 through 8.12.2) allows attacker to guess a security token via timing attack
local
high complexity
vaadin CWE-203
2.5
2021-04-23 CVE-2021-31404 Information Exposure Through Discrepancy vulnerability in Vaadin Flow
Non-constant-time comparison of CSRF tokens in UIDL request handler in com.vaadin:flow-server versions 1.0.0 through 1.0.13 (Vaadin 10.0.0 through 10.0.16), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.4.6 (Vaadin 14.0.0 through 14.4.6), 3.0.0 prior to 5.0.0 (Vaadin 15 prior to 18), and 5.0.0 through 5.0.2 (Vaadin 18.0.0 through 18.0.5) allows attacker to guess a security token via timing attack.
local
high complexity
vaadin CWE-203
2.5
2021-04-23 CVE-2021-31406 Information Exposure Through Discrepancy vulnerability in Vaadin
Non-constant-time comparison of CSRF tokens in endpoint request handler in com.vaadin:flow-server versions 3.0.0 through 5.0.3 (Vaadin 15.0.0 through 18.0.6), and com.vaadin:fusion-endpoint version 6.0.0 (Vaadin 19.0.0) allows attacker to guess a security token for Fusion endpoints via timing attack.
local
high complexity
vaadin CWE-203
2.5
2021-04-16 CVE-2021-29443 Information Exposure Through Discrepancy vulnerability in Jose Project Jose
jose is an npm library providing a number of cryptographic operations.
network
high complexity
jose-project CWE-203
5.9
2021-03-26 CVE-2020-35518 Information Exposure Through Discrepancy vulnerability in Redhat 389 Directory Server
When binding against a DN during authentication, the reply from 389-ds-base will be different whether the DN exists or not.
network
low complexity
redhat CWE-203
5.3
2021-03-20 CVE-2020-27170 Information Exposure Through Discrepancy vulnerability in multiple products
An issue was discovered in the Linux kernel before 5.11.8.
local
high complexity
linux fedoraproject canonical debian CWE-203
4.7
2021-03-16 CVE-2020-1926 Information Exposure Through Discrepancy vulnerability in Apache Hive
Apache Hive cookie signature verification used a non constant time comparison which is known to be vulnerable to timing attacks.
network
high complexity
apache CWE-203
5.9
2021-03-09 CVE-2021-21181 Information Exposure Through Discrepancy vulnerability in multiple products
Side-channel information leakage in autofill in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-203
6.5
2021-03-09 CVE-2021-21173 Information Exposure Through Discrepancy vulnerability in multiple products
Side-channel information leakage in Network Internals in Google Chrome prior to 89.0.4389.72 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
network
low complexity
google fedoraproject debian CWE-203
6.5