Lucene search
K

226 matches found

CVE
CVE
added 5 days ago12 views

CVE-2026-41515

OP-TEE (Trusted Execution Environment for Arm Cortex-A TrustZone) has a vulnerability in the RSA-OAEP decryption path within the NXP CAAM crypto driver. From version 3.9.0 up to, but not including, 4.11.0, the driver uses non-constant-time memcmp() for label hash verification, exposing a Manger-s...

3.3CVSS6AI score0.00094EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/30 2:26 p.m.36 views

CVE-2026-27882 Coolify: Timing Attack in GitLab Webhook Token Validation

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.461, the GitLab webhook endpoint uses a non-constant-time string comparison operator !== to validate the webhook secret token. This implementation is vulnerable to timing attack...

4.8CVSS0.00146EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 8:42 p.m.5 views

CVE-2026-13758

CryptX versions before 0.088001 for Perl compare AEAD authentication tags in non-constant time in the streaming decryptdone path. The decryptdone$tag form compares it against the computed tag with memNE memcmp != 0, which short-circuits on the first differing byte, so its run time depends on the...

5.8AI score0.00295EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.9 views

PT-2026-53736

Name of the Vulnerable Software and Affected Versions CryptX versions prior to 0.088 001 Description CryptX for Perl performs AEAD authentication tag comparisons in non-constant time within the streaming decrypt done path. The decrypt done$tag function utilizes memNE based on memcmp != 0, which...

3.7CVSS6.1AI score0.00295EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/18 12:24 p.m.15 views

bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA core. A covert timing channel vulnerability, caused by non-constant time comparisons, risks the leakage of private keys in the FrodoKEM implementation. An unauthenticated, remote attacker can potentially exploit this timing discrepancy ...

9.9CVSS5.8AI score0.00691EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/18 12:12 p.m.33 views

bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA core. A covert timing channel vulnerability, caused by non-constant time comparisons, risks the leakage of private keys in the FrodoKEM implementation. An unauthenticated, remote attacker can potentially exploit this timing discrepancy ...

9.9CVSS5.8AI score0.00691EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.11 views

Apache Tomcat - AJP secret compared in non-constant time

Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.21 Apache Tomcat 10.1.0-M1 to 10.1.54 Apache Tomcat 9.0.0.M1 to 9.0.117 Older, unsupported versions may also be affected Description: The AJP secret was compared in non-constant time allowing an attacker on the local network to mount a timing...

3.7CVSS5.8AI score0.00352EPSS
Exploits0References10Affected Software3
CVE
CVE
added 2026/05/12 3:32 p.m.62 views

CVE-2026-43514

CVE-2026-43514 describes an observable timing discrepancy in comparing the AJP secret in Apache Tomcat. Affected are Tomcat 11.0.0-M1 through 11.0.21, 10.1.0-M1 through 10.1.54, 9.0.0.M1 through 9.0.117, 8.5.0 through 8.5.100, and 7.0.0 through 7.0.109 (older unsupported versions may also be affe...

3.7CVSS5.7AI score0.00352EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/08 9:24 p.m.13 views

CVE-2026-43383

A flaw was found in the Linux kernel's TCP MD5 signature option. This vulnerability allows a remote attacker to perform timing attacks due to a non-constant-time comparison of Message Authentication Codes MACs. By observing the time taken for MAC comparisons, an attacker could potentially infer...

9.4CVSS5.8AI score0.00443EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.5 views

RHEL 7 / 8 / 9 : Red Hat JBoss Enterprise Application Platform 7.4.24 (RHSA-2026:12267)

The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:12267 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...

9.9CVSS5.8AI score0.00691EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/04/30 11:14 a.m.9 views

bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA core. A covert timing channel vulnerability, caused by non-constant time comparisons, risks the leakage of private keys in the FrodoKEM implementation. An unauthenticated, remote attacker can potentially exploit this timing discrepancy ...

9.9CVSS5.4AI score0.00691EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/30 11:14 a.m.9 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.9CVSS5.3AI score0.00691EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/04/30 11:9 a.m.9 views

bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons

A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA core. A covert timing channel vulnerability, caused by non-constant time comparisons, risks the leakage of private keys in the FrodoKEM implementation. An unauthenticated, remote attacker can potentially exploit this timing discrepancy ...

9.9CVSS5.4AI score0.00691EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/04/30 11:9 a.m.9 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.9CVSS5.3AI score0.00691EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/17 6:31 p.m.6 views

EUVD-2026-22872

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. Non-constant time comparisons risk private key leakage in FrodoKEM. This issue affects BC-JAVA: from 2.17.3 before 1.84...

10CVSS5.8AI score0.00691EPSS
Exploits0References2
OSV
OSV
added 2026/04/16 11:36 p.m.5 views

BIT-AUTHENTIK-2024-52307 authentik allows a timing attack due to missing constant time comparison for metrics view

authentik is an open-source identity provider. Due to the usage of a non-constant time comparison for the /-/metrics/ endpoint it was possible to brute-force the SECRETKEY, which is used to authenticate the endpoint. The /-/metrics/ endpoint returns Prometheus metrics and is not intended to be...

6.3CVSS5.5AI score0.00531EPSS
Exploits0References4
OSV
OSV
added 2026/04/15 10:16 a.m.10 views

DEBIAN-CVE-2026-5598

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84...

9.9CVSS7.2AI score0.00691EPSS
Exploits0References1
NVD
NVD
added 2026/04/15 10:16 a.m.5 views

CVE-2026-5598

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84...

9.9CVSS0.00691EPSS
Exploits0References11
Debian CVE
Debian CVE
added 2026/04/15 9:5 a.m.5 views

CVE-2026-5598

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all core modules. This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84...

9.9CVSS7.2AI score0.00691EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.8 views

Bouncy Castle Java 安全漏洞

Bouncy Castle Java is an open-source encryption algorithm developed by Legion of the Bouncy Castle Inc. There were security vulnerabilities in Bouncy Castle Java versions from 2.17.3 to 1.84. These vulnerabilities stemmed from non-constant time comparisons, which could lead to the exposure of the...

9.9CVSS7.1AI score0.00691EPSS
Exploits0References5
Rows per page
Query Builder