Vulnerabilities > Information Exposure Through Discrepancy

DATE CVE VULNERABILITY TITLE RISK
2019-07-23 CVE-2019-9815 Information Exposure Through Discrepancy vulnerability in Mozilla Firefox
If hyperthreading is not disabled, a timing attack vulnerability exists, similar to previous Spectre attacks.
network
high complexity
mozilla CWE-203
8.1
2019-07-16 CVE-2019-13383 Information Exposure Through Discrepancy vulnerability in Control-Webpanel Webpanel 0.9.8.836
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response.
network
low complexity
control-webpanel CWE-203
5.3
2019-05-28 CVE-2019-12383 Information Exposure Through Discrepancy vulnerability in Torproject TOR Browser
Tor Browser before 8.0.1 has an information exposure vulnerability.
network
low complexity
torproject CWE-203
4.3
2019-05-24 CVE-2019-10848 Information Exposure Through Discrepancy vulnerability in Computrols Building Automation Software
Computrols CBAS 18.0.0 allows Username Enumeration.
network
low complexity
computrols CWE-203
5.3
2019-05-16 CVE-2019-10114 Information Exposure Through Discrepancy vulnerability in Gitlab
An Information Exposure issue (issue 2 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2.
network
low complexity
gitlab CWE-203
7.5
2019-05-13 CVE-2019-7217 Information Exposure Through Discrepancy vulnerability in Citrix Sharefile
Citrix ShareFile before 19.12 allows User Enumeration.
network
low complexity
citrix CWE-203
7.5
2019-04-28 CVE-2019-11578 Information Exposure Through Discrepancy vulnerability in Dhcpcd Project Dhcpcd
auth.c in dhcpcd before 7.2.1 allowed attackers to infer secrets by performing latency attacks.
network
high complexity
dhcpcd-project CWE-203
5.9
2019-04-17 CVE-2019-9495 Information Exposure Through Discrepancy vulnerability in multiple products
The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns.
3.7
2019-04-17 CVE-2019-9494 Information Exposure Through Discrepancy vulnerability in multiple products
The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns.
5.9
2019-03-28 CVE-2019-6602 Information Exposure Through Discrepancy vulnerability in F5 products
In BIG-IP 11.5.1-11.5.8 and 11.6.1-11.6.3, the Configuration Utility login page may not follow best security practices when handling a malicious request.
network
low complexity
f5 CWE-203
7.5