Vulnerabilities > Information Exposure Through Discrepancy

DATE CVE VULNERABILITY TITLE RISK
2020-12-21 CVE-2020-35624 Information Exposure Through Discrepancy vulnerability in Mediawiki
An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1.
network
low complexity
mediawiki CWE-203
5.0
2020-12-15 CVE-2020-29480 Information Exposure Through Discrepancy vulnerability in multiple products
An issue was discovered in Xen through 4.14.x.
local
low complexity
xen debian fedoraproject CWE-203
2.1
2020-12-14 CVE-2020-0464 Information Exposure Through Discrepancy vulnerability in Google Android 10.0
In resolv_cache_lookup of res_cache.cpp, there is a possible side channel information disclosure.
local
low complexity
google CWE-203
2.1
2020-11-12 CVE-2020-12912 Information Exposure Through Discrepancy vulnerability in AMD Energy Driver for Linux
A potential vulnerability in the AMD extension to Linux "hwmon" service may allow an attacker to use the Linux-based Running Average Power Limit (RAPL) interface to show various side channel attacks.
local
low complexity
amd CWE-203
2.1
2020-11-10 CVE-2020-28368 Information Exposure Through Discrepancy vulnerability in multiple products
Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack.
local
low complexity
xen fedoraproject CWE-203
2.1
2020-11-02 CVE-2020-26939 Information Exposure Through Discrepancy vulnerability in Bouncycastle Legion-Of-The-Bouncy-Castle
In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1.2, attackers can obtain sensitive information about a private exponent because of Observable Differences in Behavior to Error Inputs.
network
low complexity
bouncycastle CWE-203
5.0
2020-10-21 CVE-2020-3585 Information Exposure Through Discrepancy vulnerability in Cisco products
A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information.
network
cisco CWE-203
4.3
2020-10-16 CVE-2020-1685 Information Exposure Through Discrepancy vulnerability in Juniper Junos
When configuring stateless firewall filters in Juniper Networks EX4600 and QFX 5000 Series devices using Virtual Extensible LAN protocol (VXLAN), the discard action will fail to discard traffic under certain conditions.
network
low complexity
juniper CWE-203
5.0
2020-10-12 CVE-2020-4699 Information Exposure Through Discrepancy vulnerability in IBM Security Access Manager and Security Verify Access
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system.
2.9
2020-10-12 CVE-2020-4661 Information Exposure Through Discrepancy vulnerability in IBM Security Access Manager and Security Verify Access
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an attacker to obtain sensitive using timing side channel attacks which could aid in further attacks against the system.
2.9