Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-09 | CVE-2024-2408 | Information Exposure Through Discrepancy vulnerability in multiple products The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). | 5.9 |
| 2024-06-06 | CVE-2024-5124 | Information Exposure Through Discrepancy vulnerability in Gaizhenbiao Chuanhuchatgpt A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. | 7.5 |
| 2024-05-22 | CVE-2020-35165 | Information Exposure Through Discrepancy vulnerability in Dell products Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. | 4.7 |
| 2024-05-21 | CVE-2021-47226 | Information Exposure Through Discrepancy vulnerability in Linux Kernel In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Invalidate FPU state after a failed XRSTOR from a user buffer Both Intel and AMD consider it to be architecturally valid for XRSTOR to fail with #PF but nonetheless change the register state. | 7.1 |
| 2024-05-04 | CVE-2023-27283 | Information Exposure Through Discrepancy vulnerability in IBM Aspera Orchestrator 4.0.1 IBM Aspera Orchestrator 4.0.1 could allow a remote attacker to enumerate usernames due to observable response discrepancies. | 5.3 |
| 2024-05-03 | CVE-2021-20556 | Information Exposure Through Discrepancy vulnerability in IBM Cognos Controller 10.4.1/10.4.2/11.0.0 IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote user to enumerate usernames due to differentiating error messages on existing usernames. | 5.3 |
| 2024-04-18 | CVE-2024-30257 | Information Exposure Through Discrepancy vulnerability in Fit2Cloud 1Panel 1Panel is an open source Linux server operation and maintenance management panel. | 5.9 |
| 2024-04-09 | CVE-2024-26221 | Information Exposure Through Discrepancy vulnerability in Microsoft products Windows DNS Server Remote Code Execution Vulnerability | 6.6 |
| 2024-03-20 | CVE-2024-28868 | Information Exposure Through Discrepancy vulnerability in Umbraco CMS Umbraco is an ASP.NET content management system. | 5.3 |
| 2024-03-04 | CVE-2023-38362 | Information Exposure Through Discrepancy vulnerability in IBM Cics TX 10.1 IBM CICS TX Advanced 10.1 could disclose sensitive information to a remote attacker due to observable discrepancy in HTTP responses. | 5.3 |