Vulnerabilities > Information Exposure Through Discrepancy

DATE CVE VULNERABILITY TITLE RISK
2023-09-04 CVE-2023-3221 Information Exposure Through Discrepancy vulnerability in Password Recovery Project Password Recovery 1.2
User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could allow a remote attacker to create a test script against the password recovery function to enumerate all users in the database.
network
low complexity
password-recovery-project CWE-203
5.3
2023-08-29 CVE-2023-39522 Information Exposure Through Discrepancy vulnerability in Goauthentik Authentik
goauthentik is an open-source Identity Provider.
network
low complexity
goauthentik CWE-203
5.3
2023-08-28 CVE-2023-40756 Information Exposure Through Discrepancy vulnerability in PHPjabbers Callback Widget 1.0
User enumeration is found in PHPJabbers Callback Widget v1.0.
network
low complexity
phpjabbers CWE-203
critical
9.8
2023-08-22 CVE-2023-33850 Information Exposure Through Discrepancy vulnerability in IBM Cics TX and Txseries for Multiplatform
IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation.
network
low complexity
ibm CWE-203
7.5
2023-08-16 CVE-2023-40021 Information Exposure Through Discrepancy vulnerability in Oppia
Oppia is an online learning platform.
network
high complexity
oppia CWE-203
5.3
2023-08-16 CVE-2023-40343 Information Exposure Through Discrepancy vulnerability in Jenkins Tuleap Authentication
Jenkins Tuleap Authentication Plugin 1.1.20 and earlier uses a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token.
network
high complexity
jenkins CWE-203
5.9
2023-08-11 CVE-2022-40982 Information Exposure Through Discrepancy vulnerability in multiple products
Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
local
low complexity
redhat xen intel debian netapp CWE-203
6.5
2023-08-08 CVE-2023-20569 Information Exposure Through Discrepancy vulnerability in multiple products
A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction.
local
high complexity
fedoraproject debian amd CWE-203
4.7
2023-08-01 CVE-2023-20583 Information Exposure Through Discrepancy vulnerability in AMD *
A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information.
local
high complexity
amd CWE-203
4.7
2023-07-31 CVE-2023-3462 Information Exposure Through Discrepancy vulnerability in Hashicorp Vault 1.13.0/1.13.4/1.14.0
HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method.
network
low complexity
hashicorp CWE-203
5.3