Vulnerabilities > Information Exposure Through Discrepancy

DATE CVE VULNERABILITY TITLE RISK
2020-09-25 CVE-2020-5929 Information Exposure Through Discrepancy vulnerability in F5 products
In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous (ADH) or Ephemeral (DHE) Diffie-Hellman key exchange with the Single DH use option not enabled in the options list may be vulnerable to crafted SSL/TLS handshakes that may result in a PMS (Pre-Master Secret) that starts with a 0 byte. This may lead to recovery of plaintext messages, because BIG-IP TLS/SSL ADH/DHE sends different error messages, acting as an oracle.
network
high complexity
f5 CWE-203
5.9
2020-09-24 CVE-2020-3509 Information Exposure Through Discrepancy vulnerability in Cisco IOS XE 16.7(1)
A vulnerability in the DHCP message handler of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the supervisor to crash, which could result in a denial of service (DoS) condition.
network
low complexity
cisco CWE-203
8.6
2020-09-14 CVE-2020-12788 Information Exposure Through Discrepancy vulnerability in Microchip products
CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to timing and power analysis attacks.
network
low complexity
microchip CWE-203
7.5
2020-09-14 CVE-2020-11683 Information Exposure Through Discrepancy vulnerability in Linux4Sam At91Bootstrap
A timing side channel was discovered in AT91bootstrap before 3.9.2.
low complexity
linux4sam CWE-203
6.8
2020-09-09 CVE-2020-1968 Information Exposure Through Discrepancy vulnerability in multiple products
The Raccoon attack exploits a flaw in the TLS specification which can lead to an attacker being able to compute the pre-master secret in connections which have used a Diffie-Hellman (DH) based ciphersuite.
network
high complexity
openssl canonical debian oracle fujitsu CWE-203
3.7
2020-09-02 CVE-2020-16150 Information Exposure Through Discrepancy vulnerability in multiple products
A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/ssl_msg.c in Trusted Firmware Mbed TLS through 2.23.0 allows an attacker to recover secret key information.
local
low complexity
arm fedoraproject debian CWE-203
5.5
2020-08-31 CVE-2020-25065 Information Exposure Through Discrepancy vulnerability in Google Android
An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software.
network
low complexity
google CWE-203
7.5
2020-08-26 CVE-2020-24008 Information Exposure Through Discrepancy vulnerability in Umanni Human Resources 1.0
Umanni RH 1.0 has a user enumeration vulnerability.
network
low complexity
umanni CWE-203
5.3
2020-08-17 CVE-2020-1459 Information Exposure Through Discrepancy vulnerability in Microsoft Windows 10
An information disclosure vulnerability exists on ARM implementations that use speculative execution in control flow via a side-channel analysis, aka "straight-line speculation." To exploit this vulnerability, an attacker with local privileges would need to run a specially crafted application. The security update addresses the vulnerability by bypassing the speculative execution.
network
low complexity
microsoft CWE-203
7.5
2020-08-10 CVE-2020-17478 Information Exposure Through Discrepancy vulnerability in P5-Crypt-Perl Project P5-Crypt-Perl
ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm.
network
low complexity
p5-crypt-perl-project CWE-203
7.5