Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-09 | CVE-2020-12402 | Information Exposure Through Discrepancy vulnerability in multiple products During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. | 4.4 |
| 2020-07-09 | CVE-2020-12399 | Information Exposure Through Discrepancy vulnerability in multiple products NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. | 1.2 |
| 2020-06-29 | CVE-2020-14145 | Information Exposure Through Discrepancy vulnerability in multiple products The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. | 4.3 |
| 2020-06-29 | CVE-2020-14002 | Information Exposure Through Discrepancy vulnerability in multiple products PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. | 5.9 |
| 2020-06-26 | CVE-2020-9588 | Information Exposure Through Discrepancy vulnerability in Magento Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. | 6.5 |
| 2020-06-23 | CVE-2020-4028 | Information Exposure Through Discrepancy vulnerability in Atlassian Jira Versions before 8.9.1, Various resources in Jira responded with a 404 instead of redirecting unauthenticated users to the login page, in some situations this may have allowed unauthorised attackers to determine if certain resources exist or not through an Information Disclosure vulnerability. | 5.0 |
| 2020-06-11 | CVE-2020-13998 | Information Exposure Through Discrepancy vulnerability in Citrix Xenapp 6.5.0.0 Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. | 5.3 |
| 2020-06-08 | CVE-2020-13844 | Information Exposure Through Discrepancy vulnerability in multiple products Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation." | 2.1 |
| 2020-05-22 | CVE-2020-13413 | Information Exposure Through Discrepancy vulnerability in Aviatrix Controller An issue was discovered in Aviatrix Controller before 5.4.1204. | 5.0 |
| 2020-05-21 | CVE-2020-6473 | Information Exposure Through Discrepancy vulnerability in multiple products Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |