Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-02 | CVE-2020-26939 | Information Exposure Through Discrepancy vulnerability in Bouncycastle products In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs. | 5.3 |
| 2020-10-21 | CVE-2020-3585 | Information Exposure Through Discrepancy vulnerability in Cisco products A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. | 3.7 |
| 2020-10-16 | CVE-2020-1685 | Information Exposure Through Discrepancy vulnerability in Juniper Junos When configuring stateless firewall filters in Juniper Networks EX4600 and QFX 5000 Series devices using Virtual Extensible LAN protocol (VXLAN), the discard action will fail to discard traffic under certain conditions. | 5.8 |
| 2020-10-12 | CVE-2020-4699 | Information Exposure Through Discrepancy vulnerability in IBM Security Access Manager and Security Verify Access IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. | 5.3 |
| 2020-10-12 | CVE-2020-4661 | Information Exposure Through Discrepancy vulnerability in IBM Security Access Manager and Security Verify Access IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. | 5.3 |
| 2020-10-12 | CVE-2020-4660 | Information Exposure Through Discrepancy vulnerability in IBM Security Access Manager and Security Verify Access IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system. | 5.3 |
| 2020-10-12 | CVE-2020-5143 | Information Exposure Through Discrepancy vulnerability in Sonicwall Sonicos and Sonicosv SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. | 5.3 |
| 2020-10-08 | CVE-2020-12401 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. | 4.7 |
| 2020-10-08 | CVE-2020-12400 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. | 4.7 |
| 2020-10-01 | CVE-2020-25200 | Information Exposure Through Discrepancy vulnerability in Pritunl 1.29.2145.25 Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. | 5.3 |