Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-27 | CVE-2014-4156 | Information Exposure Through Discrepancy vulnerability in Proxmox Virtual Environment Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability | 5.3 |
| 2020-01-24 | CVE-2014-9720 | Information Exposure Through Discrepancy vulnerability in Tornadoweb Tornado Tornado before 3.2.2 sends arbitrary responses that contain a fixed CSRF token and may be sent with HTTP compression, which makes it easier for remote attackers to conduct a BREACH attack and determine this token via a series of crafted requests. | 6.5 |
| 2020-01-23 | CVE-2019-16516 | Information Exposure Through Discrepancy vulnerability in Connectwise Control 19.3.25270.7185 An issue was discovered in ConnectWise Control (formerly known as ScreenConnect) 19.3.25270.7185. | 5.3 |
| 2020-01-23 | CVE-2019-18222 | Information Exposure Through Discrepancy vulnerability in multiple products The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks. | 4.7 |
| 2020-01-23 | CVE-2019-20399 | Information Exposure Through Discrepancy vulnerability in Parity Libsecp256K1 A timing vulnerability in the Scalar::check_overflow function in Parity libsecp256k1-rs before 0.3.1 potentially allows an attacker to leak information via a side-channel attack. | 5.9 |
| 2020-01-06 | CVE-2019-9472 | Information Exposure Through Discrepancy vulnerability in Google Android In DCRYPTO_equals of compare.c, there is a possible timing attack due to improperly used crypto. | 5.5 |
| 2019-12-30 | CVE-2019-19805 | Information Exposure Through Discrepancy vulnerability in Mfscripts Yetishare _account_forgot_password.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 takes a different amount of time to return depending on whether an email address is configured for the account name provided. | 5.3 |
| 2019-12-20 | CVE-2015-8313 | Information Exposure Through Discrepancy vulnerability in multiple products GnuTLS incorrectly validates the first byte of padding in CBC modes | 5.9 |
| 2019-12-18 | CVE-2019-16782 | Information Exposure Through Discrepancy vulnerability in multiple products There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). | 5.9 |
| 2019-12-04 | CVE-2019-18850 | Information Exposure Through Discrepancy vulnerability in Trustedsec Trevorc2 1.1/1.2 TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a discrepancy between response headers when responding to different HTTP methods, also via predictible responses when accessing and interacting with the "SITE_PATH_QUERY". | 7.5 |