Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-203

CWE-203

Observable Discrepancy

Parent: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.

733 vulnerabilities with CWE-203

CVE-2024-25191 CRITICAL

php-jwt 1.0.0 - Timing Side-Channel Authentication Bypass via strcmp

CVE-2024-25190 CRITICAL

l8w8jwt 2.2.1 - Timing Side-Channel Authentication Bypass via memcmp

CVE-2024-25189 CRITICAL

libjwt <1.15.3 - Auth Bypass

CVE-2024-25146 MEDIUM

Liferay Portal/DXP - Info Disclosure

CVE-2024-0202 MEDIUM

cryptlib < 3.4.7 - Timing Attack via RSA Key Exchange Ciphersuites

CVE-2024-23170 MEDIUM

Mbed TLS 2.x < 2.28.7 and 3.x < 3.5.2 - Timing Side-Channel Attack via RSA Private Operations

CVE-2024-0914 MEDIUM

opencryptoki < 3.23.0 - Timing Side-Channel in RSA PKCS#1 v1.5 Padding

CVE-2024-21671 LOW

vantage6 < 4.2.0 - Observable Timing Discrepancy in Login Response

CVE-2024-0564 MEDIUM

Linux kernel <4.4.0-96.119 - Info Disclosure

CVE-2024-22647 MEDIUM

SEO Panel 4.10.0 - User Enumeration via Authentication Error Message Discrepancy

CVE-2024-23218 MEDIUM

Apple iOS iPadOS macOS tvOS watchOS - Timing Side-Channel in RSA PKCS#1 v1.5 Decryption

CVE-2024-23342 HIGH

ecdsa < 0.18.0 - Covert Timing Channel

CVE-2024-21484 HIGH

jsrsasign < 11.0.0 - Observable Discrepancy via RSA PKCS1.5 or RSAOAEP Decryption

CVE-2024-23771 CRITICAL

darkhttpd < 1.15 - Timing Side-Channel Authentication Bypass via strcmp

CVE-2024-0553 HIGH

GnuTLS - Timing Side-Channel Attack

CVE-2023-5872 MEDIUM

Wago: Vulnerability in Smart Designer Web-Application

CVE-2023-53943 MEDIUM

GLPI 9.5.7 - Username Enumeration via Lost Password Endpoint

CVE-2023-38327 MEDIUM

eGroupWare 17.1.20190111 - Info Disclosure

CVE-2023-37482 MEDIUM

SIMATIC Drive Controller CPU 1504D TF 3.1.0-3.1.1 - Unauthenticated Username Enumeration via Login Timing Side Channel

CVE-2023-37413 MEDIUM

IBM Aspera Faspex 5.0.0-5.0.10 - Username Information Disclosure via Observable Response Discrepancy

CVE-2023-47159 MEDIUM

IBM Sterling File Gateway 6.0.0.0-6.1.2.5 & 6.2.0.0-6.2.0.1 Username Enumeration via Response Discrepancy

CVE-2023-36325 LOW

i2p < 2.3.0 - Observable Discrepancy via Replayed Tunneled Message

CVE-2023-30312 HIGH

OpenWrt 18.06-22.03 - TCP Session Hijacking via nf_conntrack_tcp_no_window_check

CVE-2023-30308 MEDIUM

Ruijie EG210G-P, EG105G-V2, NBR, and EG105G Firmware - TCP Session Hijacking via Sequence Number Leakage

CVE-2023-27283 MEDIUM

IBM Aspera Orchestrator 4.0.1 - Info Disclosure

Previous Page 8 of 30 Next

Details

Vulnerabilities 733

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy