Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-05-13 | CVE-2020-11063 | Information Exposure Through Discrepancy vulnerability in Typo3 10.4.0/10.4.1 In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. | 3.7 |
| 2020-04-16 | CVE-2019-14007 | Information Exposure Through Discrepancy vulnerability in Qualcomm products Due to the use of non-time-constant comparison functions there is issue in timing side channels which can be used as a potential side channel for SUI corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS404, QCS405, QCS605, QM215, Rennell, SA6155P, SC7180, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130 | 5.5 |
| 2020-04-16 | CVE-2019-10483 | Information Exposure Through Discrepancy vulnerability in Qualcomm products Side channel issue in QTEE due to usage of non-time-constant comparison function such as memcmp or strcmp in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA8081, QCS404, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX55, SM6150, SM7150, SM8150, SXR1130, SXR2130 | 5.5 |
| 2020-04-15 | CVE-2020-10932 | Information Exposure Through Discrepancy vulnerability in multiple products An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. | 4.7 |
| 2020-04-12 | CVE-2020-11713 | Information Exposure Through Discrepancy vulnerability in Wolfssl 4.3.0 wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks. | 7.5 |
| 2020-04-08 | CVE-2020-11576 | Information Exposure Through Discrepancy vulnerability in Argoproj Argo CD 1.5.0 Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid (non-SSO) accounts because /api/v1/session returned 401 for an existing username and 404 otherwise. | 5.3 |
| 2020-03-05 | CVE-2020-10102 | Information Exposure Through Discrepancy vulnerability in Zammad An issue was discovered in Zammad 3.0 through 3.2. | 5.3 |
| 2020-02-17 | CVE-2020-7959 | Information Exposure Through Discrepancy vulnerability in Labvantage 8.3 LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. | 5.3 |
| 2020-02-13 | CVE-2020-8989 | Information Exposure Through Discrepancy vulnerability in Voatz 20200101 In the Voatz application 2020-01-01 for Android, the amount of data transmitted during a single voter's vote depends on the different lengths of the metadata across the available voting choices, which makes it easier for remote attackers to discover this voter's choice by sniffing the network. | 5.3 |
| 2020-02-11 | CVE-2020-6400 | Information Exposure Through Discrepancy vulnerability in multiple products Inappropriate implementation in CORS in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |