Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-13 | CVE-2020-11063 | Information Exposure Through Discrepancy vulnerability in Typo3 10.4.0/10.4.1 In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. | 4.3 |
| 2020-04-15 | CVE-2020-10932 | Information Exposure Through Discrepancy vulnerability in multiple products An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. | 4.7 |
| 2020-04-12 | CVE-2020-11713 | Information Exposure Through Discrepancy vulnerability in Wolfssl 4.3.0 wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks. | 5.0 |
| 2020-04-08 | CVE-2020-11576 | Information Exposure Through Discrepancy vulnerability in Argoproj Argo CD 1.5.0 Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid (non-SSO) accounts because /api/v1/session returned 401 for an existing username and 404 otherwise. | 5.3 |
| 2020-03-11 | CVE-2019-5135 | Information Exposure Through Discrepancy vulnerability in Wago Pfc100 Firmware and Pfc200 Firmware An exploitable timing discrepancy vulnerability exists in the authentication functionality of the Web-Based Management (WBM) web application on WAGO PFC100/200 controllers. | 5.0 |
| 2020-03-05 | CVE-2020-10102 | Information Exposure Through Discrepancy vulnerability in Zammad An issue was discovered in Zammad 3.0 through 3.2. | 3.5 |
| 2020-02-13 | CVE-2020-8989 | Information Exposure Through Discrepancy vulnerability in Voatz 20200101 In the Voatz application 2020-01-01 for Android, the amount of data transmitted during a single voter's vote depends on the different lengths of the metadata across the available voting choices, which makes it easier for remote attackers to discover this voter's choice by sniffing the network. | 5.0 |
| 2020-02-11 | CVE-2020-6400 | Information Exposure Through Discrepancy vulnerability in multiple products Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
| 2020-02-04 | CVE-2013-1422 | Information Exposure Through Discrepancy vulnerability in Webcalendar Project Webcalendar webcalendar before 1.2.7 shows the reason for a failed login (e.g., "no such user"). | 5.0 |
| 2020-01-29 | CVE-2020-2102 | Information Exposure Through Discrepancy vulnerability in Jenkins Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant time comparison function when validating an HMAC. | 5.3 |