Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-203

CWE-203

Observable Discrepancy

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

733 vulnerabilities with CWE-203

CVE-2022-45403 MEDIUM

Firefox < 107.0, Firefox ESR < 102.5, Thunderbird < 102.5 - Information Disclosure via Cross-Origin Media Timing

CVE-2022-34477 HIGH

Firefox < 102.0 - Cross-Site Leak via MediaError Message Inconsistency

CVE-2022-31742 MEDIUM

Firefox < 101 and Firefox ESR < 91.10 - Cross-Origin Account Linking via WebAuthn Timing Attack

CVE-2022-26382 MEDIUM

Firefox < 98.0 - Information Disclosure via Autofill Tooltip Font Rendering

CVE-2022-20559 LOW

Android 13 - Local Information Disclosure via Permission Revocation Side Channel

CVE-2022-20538 MEDIUM

Android 13 - Local Information Disclosure via Side Channel in RoleService

CVE-2022-20535 LOW

Android 13 - Unauthenticated Local Information Disclosure via WifiManager Side Channel

CVE-2022-46392 MEDIUM

Mbed TLS <2.28.2, <3.3.0 - Info Disclosure

CVE-2022-3907 HIGH

Clerk WordPress Plugin < 4.0.0 - Timing Attack via API Key Validation

CVE-2022-4087 LOW

iPXE < 2022-11-08 - Information Exposure via TLS Ciphertext Padding Length

CVE-2022-45163 MEDIUM

NXP i.MX Firmware - Information Disclosure via Serial Download Protocol

CVE-2022-41914 LOW

Zulip Server 5.0-5.6 - SCIM Bearer Token Timing Side-Channel Exposure

CVE-2022-20940 MEDIUM

Cisco Firepower Threat Defense 6.2.3 - Unauthenticated Information Disclosure via TLS Bleichenbacher Attack

CVE-2022-40084 MEDIUM

opencrx < 5.2.2 - User Enumeration via Password Reset Error Message Discrepancy

CVE-2022-43412 MEDIUM

Jenkins Generic Webhook Trigger Plugin <1.84.1 - Info Disclosure

CVE-2022-43411 MEDIUM

Jenkins GitLab Plugin <1.5.35 - Info Disclosure

CVE-2022-2891 MEDIUM

WP 2FA <2.3.0 - Info Disclosure

CVE-2022-40895 CRITICAL

NeDi <= 1.0.7 - Unauthenticated User Enumeration via Forgot Password Utility

CVE-2022-35888 MEDIUM

Ampere Altra/Ampere Altra Max <2022-07-15 - Info Disclosure

CVE-2022-32218 MEDIUM

Rocket.Chat < 4.7.5 - Message ID Enumeration via Regex MongoDB Queries

CVE-2022-36105 MEDIUM

TYPO3 7.0.0-7.6.57, 10.0.0-10.4.31 - User Enumeration via Authentication Timing Discrepancy

CVE-2022-37146 MEDIUM

PlexTrac < 1.28.0 - Unauthenticated Username Enumeration via Login Response Timing

CVE-2022-1989 MEDIUM

CODESYS Visualization <V4.2.0.0 - Info Disclosure

CVE-2022-37459 HIGH

Ampere Altra and Altra Max Firmware - Return Address Prediction Hijack via Retbleed Side-Channel

CVE-2022-2612 MEDIUM

Google Chrome <104.0.5112.79 - Info Disclosure

Previous Page 15 of 30 Next

Details

Vulnerabilities 733

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy