Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-17 | CVE-2024-6056 | Information Exposure Through Discrepancy vulnerability in Nasirkhan Laravel Starter A vulnerability was found in nasirkhan Laravel Starter up to 11.8.0. | 5.3 |
| 2024-06-16 | CVE-2024-38465 | Information Exposure Through Discrepancy vulnerability in Guoxinled Synthesis Image System Shenzhen Guoxin Synthesis image system before 8.3.0 allows username enumeration because of the response discrepancy of incorrect versus error. | 5.3 |
| 2024-06-15 | CVE-2024-31870 | Information Exposure Through Discrepancy vulnerability in IBM I IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. | 3.3 |
| 2024-06-11 | CVE-2024-5690 | Information Exposure Through Discrepancy vulnerability in multiple products By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's system. | 4.3 |
| 2024-06-10 | CVE-2024-37880 | Information Exposure Through Discrepancy vulnerability in Pq-Crystals Kyber The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. | 7.5 |
| 2024-06-09 | CVE-2024-2408 | Information Exposure Through Discrepancy vulnerability in multiple products The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). | 5.9 |
| 2024-06-06 | CVE-2024-5124 | Information Exposure Through Discrepancy vulnerability in Gaizhenbiao Chuanhuchatgpt A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. | 7.5 |
| 2024-05-22 | CVE-2020-35165 | Information Exposure Through Discrepancy vulnerability in Dell products Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. | 4.7 |
| 2024-05-04 | CVE-2023-27283 | Information Exposure Through Discrepancy vulnerability in IBM Aspera Orchestrator 4.0.1 IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to observable response discrepancies. | 5.3 |
| 2024-05-03 | CVE-2021-20556 | Information Exposure Through Discrepancy vulnerability in IBM Cognos Controller 10.4.1/10.4.2/11.0.0 IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. | 5.3 |