Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-26 | CVE-2024-0436 | Information Exposure Through Discrepancy vulnerability in Mintplexlabs Anythingllm 0.0.1/0.1.0 Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the `!==` used for comparison. The risk is minified by the additional overhead of the request, which varies in a non-constant nature making the attack less reliable to execute | 5.9 |
| 2024-02-21 | CVE-2022-45177 | Information Exposure Through Discrepancy vulnerability in Liveboxcloud Vdesk 018/031 An issue was discovered in LIVEBOX Collaboration vDesk through v031. | 7.5 |
| 2024-02-20 | CVE-2023-50306 | Information Exposure Through Discrepancy vulnerability in IBM Common Licensing 9.0 IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable response discrepancy. | 3.3 |
| 2024-02-20 | CVE-2024-26268 | Information Exposure Through Discrepancy vulnerability in Liferay Portal User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by comparing the request's response time. | 5.3 |
| 2024-02-11 | CVE-2024-25714 | Information Exposure Through Discrepancy vulnerability in multiple products In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. | 9.8 |
| 2024-02-09 | CVE-2023-6935 | Information Exposure Through Discrepancy vulnerability in Wolfssl wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6. Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack. | 5.9 |
| 2024-02-08 | CVE-2024-25189 | Information Exposure Through Discrepancy vulnerability in Bencollins JWT C Library 1.15.3 libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. | 9.8 |
| 2024-02-08 | CVE-2024-25190 | Information Exposure Through Discrepancy vulnerability in Glitchedpolygons L8W8Jwt 2.2.1 l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. | 9.8 |
| 2024-02-08 | CVE-2024-25191 | Information Exposure Through Discrepancy vulnerability in Zihanggao PHP-Jwt 1.0.0 php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. | 9.8 |
| 2024-02-08 | CVE-2024-25146 | Information Exposure Through Discrepancy vulnerability in Liferay DXP and Liferay Portal Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. | 5.3 |