Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-203

CWE-203

Observable Discrepancy

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

733 vulnerabilities with CWE-203

CVE-2024-21233 MEDIUM

Oracle Database Server 19.3-19.24, 21.3-21.15, 23.4-23.5 - Authenticated Unauthorized Data Manipulation via Oracle Net

CVE-2024-21210 LOW

Oracle JDK and JRE 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23 - Unauthenticated Data Manipulation via Hotspot

CVE-2024-21208 LOW

Oracle GraalVM - Unauthenticated Partial Denial of Service via Networking Component

CVE-2024-21206 MEDIUM

Oracle Enterprise Command Center Framework 11-13 - Unauthorized Data Access via Diagnostics Component

CVE-2024-47869 LOW

gradio < 4.44.0 - Timing Attack via Analytics Dashboard Hash Comparison

CVE-2024-43546 MEDIUM

Windows 10/11, Server 2022 Cryptographic Component Information Disclosure

CVE-2024-45231 MEDIUM

Django v5.1.1-v4.2.16 - Info Disclosure

CVE-2024-9513 LOW

Netadmin IAM < 3.5 - Information Exposure via Username Argument Discrepancy

CVE-2024-9398 MEDIUM

Firefox < 131 and Firefox ESR < 128.3 - Information Disclosure via Protocol Handler Detection

CVE-2024-47129 MEDIUM

goTenna Pro App < 1.6.1 and < 2.0.3 - Observable Response Discrepancy via Broadcast Frame Length

CVE-2024-41715 MEDIUM

goTenna Pro ATAK Plugin < 2.0.7 - Observable Response Discrepancy via Broadcast Frame Length

CVE-2024-8651 MEDIUM

NetCat CMS <6.4.0.24248 - Info Disclosure

CVE-2024-23984 MEDIUM

Intel(R) Processors - Info Disclosure

CVE-2024-34336 MEDIUM

ORDAT FOSS-Online <2.24.01 - Info Disclosure

CVE-2024-42343 MEDIUM

Loway QueueMetrics 17.06.1-24.05.5 - Observable Response Discrepancy

CVE-2024-45052 MEDIUM

Fides < 2.44.0 - Unauthenticated Timing-Based Username Enumeration via Authentication Response

CVE-2024-39921 HIGH

Fujitsu IPCOM VE2 Series Firmware < V01L06NF0112 - Observable Timing Discrepancy

CVE-2024-45678 MEDIUM

YubiKey 5 Series < 5.7.0 and YubiHSM 2 < 2.4.0 - ECDSA Secret-Key Extraction via Electromagnetic Side Channel

CVE-2024-1543 MEDIUM

wolfssl < 5.6.6 - Observable Timing Discrepancy in T-Table Implementation

CVE-2024-1544 MEDIUM

wolfssl < 5.7.2 - Observable Discrepancy in ECDSA Nonce Generation

CVE-2024-41952 MEDIUM

Zitadel 2.53.0-2.53.8 - Username Enumeration via Error Message Discrepancy

CVE-2024-38431 MEDIUM

Matrix Tafnit < 8.4.202 - Observable Response Discrepancy

CVE-2024-41880 MEDIUM

Veilid < 0.3.4 - Observable Discrepancy via Ping Function Misuse

CVE-2024-39830 HIGH

Mattermost 9.5.0-9.5.5 9.6.0-9.6.2 9.7.0-9.7.4 9.8.0 - Remote Cluster Token Timing Attack via Shared Channels

CVE-2024-39891 MEDIUM KEV

Twilio Authy < 26.1.0 (iOS) and < 25.1.0 (Android) - Unauthenticated Phone Number Enumeration via API Endpoint

Previous Page 6 of 30 Next

Details

Vulnerabilities 733

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy