Vulnerabilities > Information Exposure Through Discrepancy

DATE CVE VULNERABILITY TITLE RISK
2023-10-30 CVE-2023-21354 Information Exposure Through Discrepancy vulnerability in Google Android 14.0
In Package Manager Service, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.
local
low complexity
google CWE-203
5.5
2023-10-25 CVE-2023-5722 Information Exposure Through Discrepancy vulnerability in Mozilla Firefox
Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header.
network
low complexity
mozilla CWE-203
5.3
2023-10-19 CVE-2022-25332 Information Exposure Through Discrepancy vulnerability in TI Omap L138 Firmware
The AES implementation in the Texas Instruments OMAP L138 (secure variants), present in mask ROM, suffers from a timing side channel which can be exploited by an adversary with non-secure supervisor privileges by managing cache contents and collecting timing information for different ciphertext inputs.
local
high complexity
ti CWE-203
4.1
2023-10-10 CVE-2023-36127 Information Exposure Through Discrepancy vulnerability in PHPjabbers Appointment Scheduler 3.0
User enumeration is found in in PHPJabbers Appointment Scheduler 3.0.
network
low complexity
phpjabbers CWE-203
7.5
2023-10-10 CVE-2023-43623 Information Exposure Through Discrepancy vulnerability in Mendix Forgot Password
A vulnerability has been identified in Mendix Forgot Password (Mendix 10 compatible) (All versions < V5.4.0), Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.3), Mendix Forgot Password (Mendix 8 compatible) (All versions < V4.1.3), Mendix Forgot Password (Mendix 9 compatible) (All versions < V5.4.0).
network
low complexity
mendix CWE-203
5.3
2023-09-28 CVE-2023-38871 Information Exposure Through Discrepancy vulnerability in Economizzer 0.9/April2023
The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities.
network
low complexity
economizzer CWE-203
5.3
2023-09-27 CVE-2023-44216 Information Exposure Through Discrepancy vulnerability in multiple products
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue.
5.3
2023-09-20 CVE-2023-25529 Information Exposure Through Discrepancy vulnerability in Nvidia DGX H100 Firmware
NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses.
network
high complexity
nvidia CWE-203
8.1
2023-09-19 CVE-2023-4095 Information Exposure Through Discrepancy vulnerability in Fujitsu Arconte Aurea 1.5.0.0
User enumeration vulnerability in Arconte Áurea 1.5.0.0 version.
network
low complexity
fujitsu CWE-203
5.3
2023-09-12 CVE-2023-41885 Information Exposure Through Discrepancy vulnerability in Piccolo-Orm Piccolo
Piccolo is an ORM and query builder which supports asyncio.
network
low complexity
piccolo-orm CWE-203
5.3