Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-22 | CVE-2018-3639 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. | 2.1 |
| 2018-05-17 | CVE-2017-18268 | Information Exposure Through Discrepancy vulnerability in Broadcom Symantec Intelligencecenter 3.3 Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. | 4.3 |
| 2018-05-17 | CVE-2017-15533 | Information Exposure Through Discrepancy vulnerability in Broadcom SSL Visibility Appliance Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. | 4.3 |
| 2018-05-10 | CVE-2018-10949 | Information Exposure Through Discrepancy vulnerability in Synacor Zimbra Collaboration Suite mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before 8.7.11.Patch3; and 8.6 allows Account Enumeration by leveraging a Discrepancy between the "HTTP 404 - account is not active" and "HTTP 401 - must authenticate" errors. | 5.0 |
| 2018-03-07 | CVE-2018-1000119 | Information Exposure Through Discrepancy vulnerability in Sinatrarb Rack-Protection 2.0.0 Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. | 4.3 |
| 2018-02-08 | CVE-2018-0134 | Information Exposure Through Discrepancy vulnerability in Cisco Mobility Services Engine 13.0.0/13.1.0 A vulnerability in the RADIUS authentication module of Cisco Policy Suite could allow an unauthenticated, remote attacker to determine whether a subscriber username is valid. | 5.0 |
| 2018-01-04 | CVE-2017-5753 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | 4.7 |
| 2018-01-04 | CVE-2017-5715 | Information Exposure Through Discrepancy vulnerability in multiple products Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | 1.9 |
| 2017-12-15 | CVE-2017-12373 | Information Exposure Through Discrepancy vulnerability in Cisco products A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. | 4.3 |
| 2017-12-13 | CVE-2017-17427 | Information Exposure Through Discrepancy vulnerability in Radware Alteon Firmware Radware Alteon devices with a firmware version between 31.0.0.0-31.0.3.0 are vulnerable to an adaptive-chosen ciphertext attack ("Bleichenbacher attack"). | 4.3 |