Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-07 | CVE-2023-51437 | Information Exposure Through Discrepancy vulnerability in Apache Pulsar Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification. Users are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. | 7.4 |
| 2024-02-05 | CVE-2023-50781 | Information Exposure Through Discrepancy vulnerability in multiple products A flaw was found in m2crypto. | 7.5 |
| 2024-02-05 | CVE-2023-50782 | Information Exposure Through Discrepancy vulnerability in multiple products A flaw was found in the python-cryptography package. | 7.5 |
| 2024-02-05 | CVE-2024-0202 | Information Exposure Through Discrepancy vulnerability in Cryptlib 3.4.4 A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib is compiled with the support for RSA key exchange ciphersuites in TLS (by setting the USE_RSA_SUITES define), it will be vulnerable to the timing variant of the Bleichenbacher attack. | 5.9 |
| 2024-02-04 | CVE-2023-6240 | Information Exposure Through Discrepancy vulnerability in multiple products A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. | 6.5 |
| 2024-02-02 | CVE-2021-21575 | Information Exposure Through Discrepancy vulnerability in Dell Bsafe Micro-Edition-Suite Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability. | 9.8 |
| 2024-01-31 | CVE-2023-5992 | Information Exposure Through Discrepancy vulnerability in multiple products A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. | 5.9 |
| 2024-01-31 | CVE-2024-23170 | Information Exposure Through Discrepancy vulnerability in ARM Mbed TLS An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. | 5.5 |
| 2024-01-31 | CVE-2024-0914 | Information Exposure Through Discrepancy vulnerability in multiple products A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. | 5.9 |
| 2024-01-30 | CVE-2023-6258 | Information Exposure Through Discrepancy vulnerability in Latchset Pkcs11-Provider 0.1 A security vulnerability has been identified in the pkcs11-provider, which is associated with Public-Key Cryptography Standards (PKCS#11). | 8.1 |