Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-27 | CVE-2019-11743 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird Navigation events were not fully adhering to the W3C's "Navigation-Timing Level 2" draft specification in some instances for the unload event, which restricts access to detailed timing attributes to only be same-origin. | 4.3 |
| 2019-09-25 | CVE-2019-6651 | Information Exposure Through Discrepancy vulnerability in F5 products In BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.5.1-11.6.4, BIG-IQ 7.0.0, 6.0.0-6.1.0,5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, the Configuration utility login page may not follow best security practices when handling a malicious request. | 5.3 |
| 2019-09-21 | CVE-2019-16669 | Information Exposure Through Discrepancy vulnerability in Pagekit 1.0.17 The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts. | 5.0 |
| 2019-09-18 | CVE-2019-3740 | Information Exposure Through Discrepancy vulnerability in multiple products RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. | 6.5 |
| 2019-09-17 | CVE-2019-16394 | Information Exposure Through Discrepancy vulnerability in multiple products SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers. | 5.0 |
| 2019-09-16 | CVE-2019-10071 | Information Exposure Through Discrepancy vulnerability in Apache Tapestry 5.4.0 The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. | 9.8 |
| 2019-09-10 | CVE-2019-1563 | Information Exposure Through Discrepancy vulnerability in Openssl In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. | 3.7 |
| 2019-09-10 | CVE-2019-11465 | Information Exposure Through Discrepancy vulnerability in Couchbase Server An issue was discovered in Couchbase Server 5.5.x through 5.5.3 and 6.0.0. | 5.0 |
| 2019-08-21 | CVE-2019-13599 | Information Exposure Through Discrepancy vulnerability in Control-Webpanel Webpanel 0.9.8.848 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing response times. | 5.3 |
| 2019-08-15 | CVE-2019-13377 | Information Exposure Through Discrepancy vulnerability in multiple products The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. | 5.9 |