Vulnerabilities > Information Exposure Through Discrepancy

DATE CVE VULNERABILITY TITLE RISK
2017-12-13 CVE-2017-13099 Information Exposure Through Discrepancy vulnerability in multiple products
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated.
network
high complexity
wolfssl siemens arubanetworks CWE-203
5.9
2017-12-13 CVE-2017-13098 Information Exposure Through Discrepancy vulnerability in Bouncycastle Legion-Of-The-Bouncy-Castle-Java-Crytography-Api
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated.
network
high complexity
bouncycastle CWE-203
5.9
2017-12-12 CVE-2017-1000385 Information Exposure Through Discrepancy vulnerability in multiple products
The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding.
network
high complexity
erlang debian CWE-203
5.9
2017-11-17 CVE-2017-6168 Information Exposure Through Discrepancy vulnerability in F5 products
On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when exploited, may result in plaintext recovery of encrypted messages and/or a Man-in-the-middle (MiTM) attack, despite the attacker not having gained access to the server's private key itself, aka a ROBOT attack.
network
high complexity
f5 CWE-203
7.4
2017-10-27 CVE-2017-5107 Information Exposure Through Discrepancy vulnerability in multiple products
A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page.
network
high complexity
google redhat CWE-203
5.3
2017-08-10 CVE-2016-0762 Information Exposure Through Discrepancy vulnerability in multiple products
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist.
network
high complexity
apache canonical debian redhat netapp oracle CWE-203
5.9
2017-07-20 CVE-2017-7006 Information Exposure Through Discrepancy vulnerability in Apple products
An issue was discovered in certain Apple products.
network
high complexity
apple CWE-203
5.3
2017-06-16 CVE-2017-9735 Information Exposure Through Discrepancy vulnerability in multiple products
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
network
low complexity
eclipse debian oracle CWE-203
7.5
2017-04-22 CVE-2017-8055 Information Exposure Through Discrepancy vulnerability in Watchguard Fireware 11.0.2/11.1/11.2.1
WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler.
network
low complexity
watchguard CWE-203
5.3
2017-04-14 CVE-2016-6489 Information Exposure Through Discrepancy vulnerability in multiple products
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.
network
low complexity
redhat canonical nettle-project CWE-203
7.5