CWE-203 (通过差异性导致的信息暴露) — Vulnerability Class 129

129 vulnerabilities classified as CWE-203 (通过差异性导致的信息暴露). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2023-3640	Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function when prefetchnta and prefetcht2 instructions being used for the per-cpu entry area mapping to the user space — Red Hat Enterprise Linux 9	7.0	High	2023-07-24
CVE-2023-3529	Rotem Dynamics Rotem CRM OTP URI Interface information exposure — Rotem CRM	5.3	Medium	2023-07-06
CVE-2023-22359	User-enumeration in RestAPI — Checkmk	4.3	Medium	2023-06-26
CVE-2023-34344	A vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username — MegaRAC_SPx	5.3	Medium	2023-06-12
CVE-2023-32691	ginuerzh/gost vulnerable to Timing Attack — gost	5.9	Medium	2023-05-30
CVE-2023-32694	Non-constant time HMAC comparison in Adyen plugin in Saleor — saleor	4.8	Medium	2023-05-25
CVE-2023-0440	Observable Discrepancy in healthchecks/healthchecks — healthchecks/healthchecks	7.1	-	2023-01-23
CVE-2021-4286	cocagne pysrp _ctsrp.py calculate_x information exposure — pysrp	2.6	Low	2022-12-27
CVE-2022-20940	Cisco Firepower Threat Defense 安全漏洞 — Cisco Firepower Threat Defense Software	5.3	Medium	2022-11-10
CVE-2021-45925	Username Enumeration — IAC-AST2500A	5.3	Medium	2022-10-24
CVE-2022-36105	User Enumeration via Response Timing in TYPO3 — typo3	5.3	Medium	2022-09-13
CVE-2022-20866	Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability — Cisco Adaptive Security Appliance (ASA) Software	7.4	High	2022-08-10
CVE-2022-27221	Siemens SINEMA Remote Connect Server 安全特征问题漏洞 — SINEMA Remote Connect Server	5.9	Medium	2022-06-14
CVE-2022-0823	Zyxel GS1200 安全漏洞 — Zyxel GS1200 series firmware	6.2	Medium	2022-06-07
CVE-2022-24043	多款Siemens产品安全漏洞 — Desigo DXR2	5.3	-	2022-05-10
CVE-2021-33845	Username enumeration through lockout message in REST API — Splunk Enterprise	5.3	Medium	2022-05-06
CVE-2022-0569	Observable Discrepancy in snipe/snipe-it — snipe/snipe-it	5.3	Medium	2022-02-12
CVE-2022-22120	NocoDB - Observable Discrepancy in the password-reset feature — nocodb	5.3	Medium	2022-01-10
CVE-2021-38153	Timing Attack Vulnerability for Apache Kafka Connect and Clients — Apache Kafka	5.9	-	2021-09-22
CVE-2021-34576	Observable discrepancy in Kaden PICOFLUX AiR leaks water consumption — PICOFLUX AiR	4.3	Medium	2021-09-16
CVE-2021-3642	Red Hat Wildfly Elytron 安全漏洞 — wildfly-elytron	7.5	-	2021-08-05
CVE-2021-34575	Information Exposure in mymbCONNECT24, mbCONNECT24 <= 2.8.0 — mymbCONNECT24	7.5	High	2021-08-02
CVE-2021-29621	Observable Response Discrepancy in Flask-AppBuilder — Flask-AppBuilder	5.3	Medium	2021-06-07
CVE-2021-1486	Cisco SD-WAN vManage HTTP Authentication User Enumeration Vulnerability — Cisco SD-WAN vManage	5.3	Medium	2021-05-06
CVE-2021-29446	Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtime — jose-node-cjs-runtime	5.9	Medium	2021-04-16
CVE-2021-29445	Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime — jose-node-esm-runtime	5.9	Medium	2021-04-16
CVE-2021-29444	Padding Oracle Attack due to Observable Timing Discrepancy in jose-browser-runtime — jose	5.9	Medium	2021-04-16
CVE-2021-29443	Padding Oracle Attack due to Observable Timing Discrepancy in jose — jose	5.9	Medium	2021-04-16
CVE-2020-3585	Cisco Firepower 1000 Series Bleichenbacher Attack Vulnerability — Cisco Adaptive Security Appliance (ASA) Software	5.3	Medium	2020-10-21
CVE-2020-1685	Junos OS: EX4600, QFX5K Series: Stateless firewall filter matching 'user-vlan-id' will cause incomplete discard action — Junos OS	5.8	Medium	2020-10-16

Vulnerabilities classified as CWE-203 (通过差异性导致的信息暴露) represent 129 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-203 (通过差异性导致的信息暴露) — Vulnerability Class 129