Vulnerabilities > Information Exposure Through Discrepancy

DATE | CVE | VULNERABILITY TITLE | RISK

2024-04-18 | CVE-2024-30257 | Information Exposure Through Discrepancy vulnerability in Fit2Cloud 1Panel
1Panel is an open source Linux server operation and maintenance management panel.
Risk: network | high complexity | fit2cloud | CWE-203 | 5.9

2024-04-09 | CVE-2024-26221 | Information Exposure Through Discrepancy vulnerability in Microsoft products
Windows DNS Server Remote Code Execution Vulnerability
Risk: network | high complexity | microsoft | CWE-203 | 6.6

2024-03-20 | CVE-2024-28868 | Information Exposure Through Discrepancy vulnerability in Umbraco CMS
Umbraco is an ASP.NET content management system.
Risk: network | low complexity | umbraco | CWE-203 | 5.3

2024-03-04 | CVE-2023-38362 | Information Exposure Through Discrepancy vulnerability in IBM Cics TX 10.1
IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to observable discrepancy in HTTP responses.
Risk: network | low complexity | ibm | CWE-203 | 5.3

2024-02-21 | CVE-2022-45177 | Information Exposure Through Discrepancy vulnerability in Liveboxcloud Vdesk 018/031
An issue was discovered in LIVEBOX Collaboration vDesk through v031.
Risk: network | low complexity | liveboxcloud | CWE-203 | 7.5

2024-02-20 | CVE-2023-50306 | Information Exposure Through Discrepancy vulnerability in IBM Common Licensing 9.0
IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable response discrepancy.
Risk: local | low complexity | ibm | CWE-203 | 3.3

2024-02-20 | CVE-2024-26268 | Information Exposure Through Discrepancy vulnerability in Liferay Portal
User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exists in the application by comparing the request's response time.
Risk: network | low complexity | liferay | CWE-203 | 5.3

2024-02-11 | CVE-2024-25714 | Information Exposure Through Discrepancy vulnerability in multiple products
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures.
Risk: network | low complexity | rhonabwy-project debian | CWE-203 | critical | 9.8

2024-02-09 | CVE-2023-6935 | Information Exposure Through Discrepancy vulnerability in Wolfssl
wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, a new variation of a timing Bleichenbacher-style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA". The define "WOLFSSL_STATIC_RSA" enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6. Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack.
Risk: network | high complexity | wolfssl | CWE-203 | 5.9

2024-02-08 | CVE-2024-25189 | Information Exposure Through Discrepancy vulnerability in Bencollins JWT C Library 1.15.3
libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
Risk: network | low complexity | bencollins | CWE-203 | critical | 9.8