Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-18 | CVE-2023-23584 | Information Exposure Through Discrepancy vulnerability in Gallagher Command Centre An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. | 4.3 |
| 2023-12-18 | CVE-2023-50979 | Information Exposure Through Discrepancy vulnerability in Cryptopp Crypto++ Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1.5 padding. | 5.9 |
| 2023-12-12 | CVE-2023-4421 | Information Exposure Through Discrepancy vulnerability in Mozilla NSS The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. | 6.5 |
| 2023-12-05 | CVE-2023-45287 | Information Exposure Through Discrepancy vulnerability in Golang GO Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. | 7.5 |
| 2023-12-04 | CVE-2023-40090 | Information Exposure Through Discrepancy vulnerability in Google Android In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. | 6.5 |
| 2023-11-28 | CVE-2023-49092 | Information Exposure Through Discrepancy vulnerability in Rustcrypto RSA RustCrypto/RSA is a portable RSA implementation in pure Rust. | 5.9 |
| 2023-11-28 | CVE-2023-5981 | Information Exposure Through Discrepancy vulnerability in multiple products A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. | 5.9 |
| 2023-11-07 | CVE-2023-47102 | Information Exposure Through Discrepancy vulnerability in Urbackup Server 2.5.31 UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid. | 5.3 |
| 2023-10-30 | CVE-2022-20264 | Information Exposure Through Discrepancy vulnerability in Google Android In Usage Stats Service, there is a possible way to determine whether an app is installed, without query permissions due to side channel information disclosure. | 5.5 |
| 2023-10-30 | CVE-2023-21293 | Information Exposure Through Discrepancy vulnerability in Google Android In PackageManagerNative, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |