Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-23 | CVE-2019-16516 | Information Exposure Through Discrepancy vulnerability in Connectwise Control 19.3.25270.7185 An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. | 5.3 |
| 2020-01-23 | CVE-2019-18222 | Information Exposure Through Discrepancy vulnerability in multiple products The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks. | 4.7 |
| 2020-01-23 | CVE-2019-20399 | Information Exposure Through Discrepancy vulnerability in Parity Libsecp256K1 A timing vulnerability in the Scalar::check_overflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack. | 5.9 |
| 2020-01-06 | CVE-2019-9472 | Information Exposure Through Discrepancy vulnerability in Google Android In DCRYPTO_equals of compare.c, there is a possible timing attack due to improperly used crypto. | 5.5 |
| 2019-12-30 | CVE-2019-19805 | Information Exposure Through Discrepancy vulnerability in Mfscripts Yetishare _account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 takes a different amount of time to return depending on whether an email address is configured for the account name provided. | 5.3 |
| 2019-12-20 | CVE-2015-8313 | Information Exposure Through Discrepancy vulnerability in multiple products GnuTLS incorrectly validates the first byte of padding in CBC modes | 5.9 |
| 2019-12-18 | CVE-2019-16782 | Information Exposure Through Discrepancy vulnerability in multiple products There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). | 5.9 |
| 2019-12-04 | CVE-2019-18850 | Information Exposure Through Discrepancy vulnerability in Trustedsec Trevorc2 1.1/1.2 TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a discrepancy between response headers when responding to different HTTP methods, also via predictible responses when accessing and interacting with the "SITE_PATH_QUERY". | 7.5 |
| 2019-12-03 | CVE-2019-13456 | Information Exposure Through Discrepancy vulnerability in multiple products In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd handshakes fails because the password element cannot be found within 10 iterations of the hunting and pecking loop. | 6.5 |
| 2019-11-29 | CVE-2015-0837 | Information Exposure Through Discrepancy vulnerability in multiple products The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack." | 5.9 |