Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-203

CWE-203

Observable Discrepancy

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

733 vulnerabilities with CWE-203

CVE-2021-24119 MEDIUM

Mbed TLS < 2.26.0 - Side-Channel Information Disclosure via Base64 PEM Decoding

CVE-2021-24116 MEDIUM

wolfssl < 4.6.0 - Side-Channel Information Disclosure via Base64 PEM Decoding

CVE-2021-32528 MEDIUM

QSAN Storage Manager < 3.3.1 - Unauthenticated Exposure of Sensitive System Information

CVE-2021-0089 MEDIUM

Debian Linux - Information Disclosure

CVE-2021-0086 MEDIUM

Intel Brand Verification Tool < 11.0.0.1225 - Observable Discrepancy in Floating-Point Operations

CVE-2021-0001 MEDIUM

Intel Integrated Performance Primitives Cryptography - Observable Timing Discrepancy

CVE-2021-26314 MEDIUM

Xen - Observable Timing Discrepancy via Floating Point Value Injection

CVE-2021-26313 MEDIUM

Xen - Observable Timing Discrepancy via Speculative Code Store Bypass

CVE-2021-33560 HIGH

Libgcrypt <1.8.8 & <1.9.3 - Info Disclosure

CVE-2021-29621 MEDIUM

Flask-AppBuilder <= 3.2.3 - Unauthenticated User Enumeration via Timing Attack

CVE-2021-33880 MEDIUM

websockets < 9.1 - Timing Attack via HTTP Basic Authentication

CVE-2021-33838 HIGH

luca < 1.7.4 - Information Disclosure via Check-In State Request Timing

CVE-2021-22892 HIGH

Rocket.Chat <v3.13 - Info Disclosure

CVE-2021-29415 MEDIUM

nordicsemi nRF52840_firmware < 2021-03-29 - ECDSA Private Key Recovery via Non-Constant Time Implementation

CVE-2021-29687 MEDIUM

IBM Security Identity Manager 7.0.2 - Username Enumeration via Login Response Discrepancy

CVE-2021-27342 MEDIUM

D-Link Router DIR-842 v3.0.2 - Auth Bypass

CVE-2021-21424 MEDIUM

Symfony 3.4.0-3.4.48 - Unauthorized User Enumeration via Switch User Functionality

CVE-2021-1486 MEDIUM

Cisco SD-WAN vManage <20.3.3 & Catalyst SD-WAN Manager 20.4-20.4.1 - Unauthenticated User Enumeration

CVE-2021-31866 MEDIUM

Redmine < 4.0.9 and 4.1.x < 4.1.3 - Timing Attack via String Comparison in SysController and MailHandlerController

CVE-2021-31406 MEDIUM

Vaadin Flow 3.0.0-5.0.3 and Vaadin 15.0.0-18.0.6 - Observable Timing Discrepancy in CSRF Token Comparison

CVE-2021-31404 MEDIUM

Vaadin Flow 1.0.0-1.0.13 and Vaadin 10.0.0-10.0.16 - Observable Timing Discrepancy in CSRF Token Comparison

CVE-2021-31403 MEDIUM

Vaadin 7.0.0-7.7.23 and 8.0.0-8.12.2 - Observable Timing Discrepancy in CSRF Token Comparison

CVE-2021-29446 MEDIUM

jose-node-cjs-runtime < 3.11.4 - Timing Side-Channel in AES_CBC_HMAC_SHA2 Decryption

CVE-2021-29445 MEDIUM

jose-node-esm-runtime < 3.11.4 - Timing Side-Channel in AES_CBC_HMAC_SHA2 Decryption

CVE-2021-29444 MEDIUM

jose-node-cjs-runtime < 3.11.4 - Timing Side-Channel in AES_CBC_HMAC_SHA2 Decryption

Previous Page 21 of 30 Next

Details

Vulnerabilities 733

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy