Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-20 | CVE-2023-50306 | Information Exposure Through Discrepancy vulnerability in IBM Common Licensing 9.0 IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable response discrepancy. | 3.3 |
| 2024-02-20 | CVE-2024-26268 | Information Exposure Through Discrepancy vulnerability in Liferay Portal User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by comparing the request's response time. | 5.3 |
| 2024-02-11 | CVE-2024-25714 | Information Exposure Through Discrepancy vulnerability in multiple products In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. | 9.8 |
| 2024-02-09 | CVE-2023-6935 | Information Exposure Through Discrepancy vulnerability in Wolfssl wolfSSL SP Math All RSA implementation is vulnerable to the Marvin Attack, new variation of a timing Bleichenbacher style attack, when built with the following options to configure: --enable-all CFLAGS="-DWOLFSSL_STATIC_RSA" The define “WOLFSSL_STATIC_RSA” enables static RSA cipher suites, which is not recommended, and has been disabled by default since wolfSSL 3.6.6. Therefore the default build since 3.6.6, even with "--enable-all", is not vulnerable to the Marvin Attack. | 5.9 |
| 2024-02-08 | CVE-2024-25189 | Information Exposure Through Discrepancy vulnerability in Bencollins JWT C Library 1.15.3 libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. | 9.8 |
| 2024-02-08 | CVE-2024-25190 | Information Exposure Through Discrepancy vulnerability in Glitchedpolygons L8W8Jwt 2.2.1 l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. | 9.8 |
| 2024-02-08 | CVE-2024-25191 | Information Exposure Through Discrepancy vulnerability in Zihanggao PHP-Jwt 1.0.0 php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel. | 9.8 |
| 2024-02-08 | CVE-2024-25146 | Information Exposure Through Discrepancy vulnerability in Liferay DXP and Liferay Portal Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. | 5.3 |
| 2024-02-05 | CVE-2023-50781 | Information Exposure Through Discrepancy vulnerability in multiple products A flaw was found in m2crypto. | 7.5 |
| 2024-02-05 | CVE-2023-50782 | Information Exposure Through Discrepancy vulnerability in multiple products A flaw was found in the python-cryptography package. | 7.5 |