Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-21 | CVE-2019-16669 | Information Exposure Through Discrepancy vulnerability in Pagekit 1.0.17 The Reset Password feature in Pagekit 1.0.17 gives a different response depending on whether the e-mail address of a valid user account is entered, which might make it easier for attackers to enumerate accounts. | 5.3 |
| 2019-09-18 | CVE-2019-3740 | Information Exposure Through Discrepancy vulnerability in multiple products RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. | 6.5 |
| 2019-09-17 | CVE-2019-16394 | Information Exposure Through Discrepancy vulnerability in multiple products SPIP before 3.1.11 and 3.2 before 3.2.5 provides different error messages from the password-reminder page depending on whether an e-mail address exists, which might help attackers to enumerate subscribers. | 5.3 |
| 2019-09-16 | CVE-2019-10071 | Information Exposure Through Discrepancy vulnerability in Apache Tapestry 5.4.0 The code which checks HMAC in form submissions used String.equals() for comparisons, which results in a timing side channel for the comparison of the HMAC signatures. | 9.8 |
| 2019-09-10 | CVE-2019-1563 | Information Exposure Through Discrepancy vulnerability in Openssl In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. | 3.7 |
| 2019-08-21 | CVE-2019-13599 | Information Exposure Through Discrepancy vulnerability in Control-Webpanel Webpanel 0.9.8.848 In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.848, the Login process allows attackers to check whether a username is valid by comparing response times. | 5.3 |
| 2019-08-17 | CVE-2019-15132 | Information Exposure Through Discrepancy vulnerability in multiple products Zabbix through 4.4.0alpha1 allows User Enumeration. | 5.3 |
| 2019-08-15 | CVE-2019-13377 | Information Exposure Through Discrepancy vulnerability in multiple products The implementations of SAE and EAP-pwd in hostapd and wpa_supplicant 2.x through 2.8 are vulnerable to side-channel attacks as a result of observable timing differences and cache access patterns when Brainpool curves are used. | 5.9 |
| 2019-08-13 | CVE-2019-13420 | Information Exposure Through Discrepancy vulnerability in Search-Guard Search Guard Search Guard versions before 21.0 had an timing side channel issue when using the internal user database. | 5.9 |
| 2019-08-12 | CVE-2019-14359 | Information Exposure Through Discrepancy vulnerability in Real-Sec BC Vault Firmware On BC Vault devices, a side channel for the row-based SSD1309 OLED display was found. | 2.4 |