Flaws of type CWE-203
294 results

CVE-2023-25741 | MEDIUM | When dragging and dropping an image cross-origin, the image's size could potentially be leaked. This behavior was shipped in 109 and caused | EPSS 0.8%
CVE-2023-51437 | HIGH | Apache Pulsar: Timing attack in SASL token signature verification | EPSS 0.8%
CVE-2023-20575 | MEDIUM | A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting function | EPSS 0.8%
CVE-2020-1685 | MEDIUM | Junos OS: EX4600, QFX5K Series: Stateless firewall filter matching 'user-vlan-id' will cause incomplete discard action | EPSS 0.8%
CVE-2023-29850 | HIGH | SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain infor | EPSS 0.7%
CVE-2024-48644 | MEDIUM | Accounts enumeration vulnerability in the Login Component of Reolink Duo 2 WiFi Camera (Firmware Version v3.0.0.1889_23031701) allows remote | EPSS 0.7%
CVE-2024-5690 | MEDIUM | By monitoring the time certain operations take, an attacker could have guessed which external protocol handlers were functional on a user's | EPSS 0.7%
CVE-2024-13028 | MEDIUM | Antabot White-Jotter login observable response discrepancy | EPSS 0.7%
CVE-2023-50708 | MEDIUM | yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation | EPSS 0.7%
CVE-2026-21484 | MEDIUM | AnythingLLM Vulnerable to Username Enumeration w/ Password Recovery | EPSS 0.7%
CVE-2021-4286 | LOW | cocagne pysrp _ctsrp.py calculate_x information exposure | EPSS 0.7%
CVE-2023-34878 | HIGH | An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-h | EPSS 0.7%
CVE-2022-47952 | LOW | lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protec | EPSS 0.7%
CVE-2023-3640 | HIGH | Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function when prefetchnta and prefetcht2 instructions being used for the per-cpu entry area mapping to the user space | EPSS 0.7%
CVE-2024-10463 | HIGH | Video frames could have been leaked between origins in some situations. This vulnerability affects Firefox < 132, Firefox ESR < 128.4, Firef | EPSS 0.7%
CVE-2024-37880 | HIGH | The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a tim | EPSS 0.7%
CVE-2022-45403 | MEDIUM | Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media c | EPSS 0.7%
CVE-2023-34669 | — | TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability in function RebootSystem of the file lib/cste_modules/system which ca | EPSS 0.7%
CVE-2023-25728 | MEDIUM | The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction | EPSS 0.7%
CVE-2022-45416 | MEDIUM | Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Pri | EPSS 0.7%