Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-22 | CVE-2024-23771 | Information Exposure Through Discrepancy vulnerability in Unix4Lyfe Darkhttpd 1.13/1.131/1.14 darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel. | 9.8 |
| 2024-01-16 | CVE-2024-0553 | Information Exposure Through Discrepancy vulnerability in multiple products A vulnerability was found in GnuTLS. | 7.5 |
| 2024-01-05 | CVE-2023-52323 | Information Exposure Through Discrepancy vulnerability in Pycryptodome and Pycryptodomex PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. | 5.9 |
| 2023-12-21 | CVE-2023-41097 | Information Exposure Through Discrepancy vulnerability in Silabs Gecko Software Development KIT An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0. | 7.5 |
| 2023-12-19 | CVE-2023-6135 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". | 4.3 |
| 2023-12-18 | CVE-2023-23584 | Information Exposure Through Discrepancy vulnerability in Gallagher Command Centre An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. | 4.3 |
| 2023-12-18 | CVE-2023-50979 | Information Exposure Through Discrepancy vulnerability in Cryptopp Crypto++ Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1.5 padding. | 5.9 |
| 2023-12-12 | CVE-2023-4421 | Information Exposure Through Discrepancy vulnerability in Mozilla NSS The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. | 6.5 |
| 2023-12-05 | CVE-2023-45287 | Information Exposure Through Discrepancy vulnerability in Golang GO Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. | 7.5 |
| 2023-12-04 | CVE-2023-40090 | Information Exposure Through Discrepancy vulnerability in Google Android In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. | 6.5 |