Vulnerabilities > Information Exposure Through Discrepancy
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-23 | CVE-2024-23218 | Information Exposure Through Discrepancy vulnerability in Apple products A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. | 5.9 |
| 2024-01-22 | CVE-2024-21484 | Information Exposure Through Discrepancy vulnerability in Jsrsasign Project Jsrsasign Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. | 5.9 |
| 2024-01-22 | CVE-2024-23771 | Information Exposure Through Discrepancy vulnerability in Unix4Lyfe Darkhttpd 1.13/1.131/1.14 darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel. | 9.8 |
| 2024-01-16 | CVE-2024-0553 | Information Exposure Through Discrepancy vulnerability in multiple products A vulnerability was found in GnuTLS. | 7.5 |
| 2024-01-05 | CVE-2023-52323 | Information Exposure Through Discrepancy vulnerability in Pycryptodome and Pycryptodomex PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. | 5.9 |
| 2023-12-21 | CVE-2023-41097 | Information Exposure Through Discrepancy vulnerability in Silabs Gecko Software Development KIT An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.This issue affects GSDK: through 4.4.0. | 7.5 |
| 2023-12-19 | CVE-2023-6135 | Information Exposure Through Discrepancy vulnerability in Mozilla Firefox Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". | 4.3 |
| 2023-12-18 | CVE-2023-23584 | Information Exposure Through Discrepancy vulnerability in Gallagher Command Centre An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. | 4.3 |
| 2023-12-18 | CVE-2023-50979 | Information Exposure Through Discrepancy vulnerability in Cryptopp Crypto++ Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1.5 padding. | 5.9 |
| 2023-12-12 | CVE-2023-4421 | Information Exposure Through Discrepancy vulnerability in Mozilla NSS The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. | 6.5 |