Vulnerabilities > Information Exposure Through Discrepancy

DATE CVE VULNERABILITY TITLE RISK
2024-02-08 CVE-2024-25189 Information Exposure Through Discrepancy vulnerability in Bencollins JWT C Library 1.15.3
libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
network
low complexity
bencollins CWE-203
critical
9.8
2024-02-08 CVE-2024-25190 Information Exposure Through Discrepancy vulnerability in Glitchedpolygons L8W8Jwt 2.2.1
l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
network
low complexity
glitchedpolygons CWE-203
critical
9.8
2024-02-08 CVE-2024-25191 Information Exposure Through Discrepancy vulnerability in Zihanggao PHP-Jwt 1.0.0
php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
network
low complexity
zihanggao CWE-203
critical
9.8
2024-02-08 CVE-2024-25146 Information Exposure Through Discrepancy vulnerability in Liferay DXP and Liferay Portal
Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs.
network
low complexity
liferay CWE-203
5.3
2024-02-05 CVE-2023-50781 Information Exposure Through Discrepancy vulnerability in multiple products
A flaw was found in m2crypto.
network
low complexity
redhat m2crypto-project CWE-203
7.5
2024-02-05 CVE-2023-50782 Information Exposure Through Discrepancy vulnerability in multiple products
A flaw was found in the python-cryptography package.
network
low complexity
redhat cryptography-io couchbase CWE-203
7.5
2024-02-05 CVE-2024-0202 Information Exposure Through Discrepancy vulnerability in Cryptlib 3.4.4
A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib is compiled with the support for RSA key exchange ciphersuites in TLS (by setting the USE_RSA_SUITES define), it will be vulnerable to the timing variant of the Bleichenbacher attack.
network
high complexity
cryptlib CWE-203
5.9
2024-02-02 CVE-2021-21575 Information Exposure Through Discrepancy vulnerability in Dell Bsafe Micro-Edition-Suite
Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.
network
low complexity
dell CWE-203
critical
9.8
2024-01-31 CVE-2024-23170 Information Exposure Through Discrepancy vulnerability in ARM Mbed TLS
An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2.
local
low complexity
arm CWE-203
5.5
2024-01-31 CVE-2024-0914 Information Exposure Through Discrepancy vulnerability in multiple products
A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts.
network
high complexity
opencryptoki-project redhat CWE-203
5.9