Vulnerabilities > Information Exposure Through Discrepancy

DATE CVE VULNERABILITY TITLE RISK
2024-06-06 CVE-2024-5124 Information Exposure Through Discrepancy vulnerability in Gaizhenbiao Chuanhuchatgpt
A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic.
network
low complexity
gaizhenbiao CWE-203
7.5
2024-02-21 CVE-2022-45177 Information Exposure Through Discrepancy vulnerability in Liveboxcloud Vdesk 018/031
An issue was discovered in LIVEBOX Collaboration vDesk through v031.
network
low complexity
liveboxcloud CWE-203
7.5
2024-02-11 CVE-2024-25714 Information Exposure Through Discrepancy vulnerability in multiple products
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures.
network
low complexity
rhonabwy-project debian CWE-203
critical
9.8
2024-02-09 CVE-2023-6935 Information Exposure Through Discrepancy vulnerability in Wolfssl
wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6.  Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack.
network
high complexity
wolfssl CWE-203
5.9
2024-02-08 CVE-2024-25189 Information Exposure Through Discrepancy vulnerability in Bencollins JWT C Library 1.15.3
libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
network
low complexity
bencollins CWE-203
critical
9.8
2024-02-08 CVE-2024-25190 Information Exposure Through Discrepancy vulnerability in Glitchedpolygons L8W8Jwt 2.2.1
l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
network
low complexity
glitchedpolygons CWE-203
critical
9.8
2024-02-08 CVE-2024-25191 Information Exposure Through Discrepancy vulnerability in Zihanggao PHP-Jwt 1.0.0
php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
network
low complexity
zihanggao CWE-203
critical
9.8
2024-02-08 CVE-2024-25146 Information Exposure Through Discrepancy vulnerability in Liferay DXP and Liferay Portal
Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs.
network
low complexity
liferay CWE-203
5.3
2024-02-05 CVE-2023-50781 Information Exposure Through Discrepancy vulnerability in multiple products
A flaw was found in m2crypto.
network
low complexity
redhat m2crypto-project CWE-203
7.5
2024-02-05 CVE-2023-50782 Information Exposure Through Discrepancy vulnerability in multiple products
A flaw was found in the python-cryptography package.
network
low complexity
redhat cryptography-io couchbase CWE-203
7.5