Vulnerabilities > Information Exposure Through Discrepancy
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-08 | CVE-2024-25189 | Information Exposure Through Discrepancy vulnerability in Bencollins JWT C Library 1.15.3 libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. | 9.8 |
2024-02-08 | CVE-2024-25190 | Information Exposure Through Discrepancy vulnerability in Glitchedpolygons L8W8Jwt 2.2.1 l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. | 9.8 |
2024-02-08 | CVE-2024-25191 | Information Exposure Through Discrepancy vulnerability in Zihanggao PHP-Jwt 1.0.0 php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. | 9.8 |
2024-02-08 | CVE-2024-25146 | Information Exposure Through Discrepancy vulnerability in Liferay DXP and Liferay Portal Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. | 5.3 |
2024-02-05 | CVE-2023-50781 | Information Exposure Through Discrepancy vulnerability in multiple products A flaw was found in m2crypto. | 7.5 |
2024-02-05 | CVE-2023-50782 | Information Exposure Through Discrepancy vulnerability in multiple products A flaw was found in the python-cryptography package. | 7.5 |
2024-02-05 | CVE-2024-0202 | Information Exposure Through Discrepancy vulnerability in Cryptlib 3.4.4 A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib is compiled with the support for RSA key exchange ciphersuites in TLS (by setting the USE_RSA_SUITES define), it will be vulnerable to the timing variant of the Bleichenbacher attack. | 5.9 |
2024-02-02 | CVE-2021-21575 | Information Exposure Through Discrepancy vulnerability in Dell Bsafe Micro-Edition-Suite Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability. | 9.8 |
2024-01-31 | CVE-2024-23170 | Information Exposure Through Discrepancy vulnerability in ARM Mbed TLS An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. | 5.5 |
2024-01-31 | CVE-2024-0914 | Information Exposure Through Discrepancy vulnerability in multiple products A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. | 5.9 |