SUSE CVE-2017-20240

Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key...

PT-2026-46997

Summary The shared-view password check fell back to strict-equality === comparison for legacy plaintext passwords, leaking the password's length and per-character prefix through response timing. Details The bcrypt branch hashes starting with $2a$/$2b$ was unaffected. The legacy fallback in View.t...

PT-2026-42551

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash or password...

SUSE-SU-2026:21608-1 Security update for ongres-scram, ongres-stringprep, plexus-testing, maven, maven-doxia, mojo-parent, sisu

This update for ongres-scram, ongres-stringprep, plexus-testing, maven, maven-doxia, mojo-parent, sisu fixes the following issues: Changes in ongres-scram: - Version 3.2 Fix Timing Attack Vulnerability in SCRAM Authentication bsc1250399, CVE-2025-59432 Updated dependencies and maven plugins Use...

PT-2026-39141

Name of the Vulnerable Software and Affected Versions RELATE versions prior to commit 2f68e16 Description A timing attack exists in the check sign in key function within the course/auth.py file. A timing attack is a side-channel attack where an attacker attempts to compromise a system by analyzin...

Important: amazon-efs-utils

Issue Overview: time provides date and time handling in Rust. From 0.3.6 to before 0.3.47, when user-provided input is provided to any type that parses with the RFC 2822 format, a denial of service attack via stack exhaustion is possible. The attack relies on formally deprecated and rarely-used...

OESA-2025-2391 ongres-scram security update

Scram is part of the family of Simple Authentication and Security Layer authentication mechanisms.It is described as part of RFC 5802 and RFC7677. This pachage is a Java implementation. Security Fixes: SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple...

EUVD-2025-32853

vLLM is an inference and serving engine for large language models LLMs. Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more characters the provided A...

EUVD-2011-1942

Malware in sbrugna...

EUVD-2018-0034

Malware in sbrugna...

EUVD-2023-3310

Malicious code in bioql PyPI...

EUVD-2022-0830

Malicious code in bioql PyPI...

EUVD-2024-39182

Malicious code in bioql PyPI...

CVE-2025-53940

Quiet is an alternative to team chat apps like Slack, Discord, and Element that does not require trusting a central server or running one's own. In versions 6.1.0-alpha.4 and below, Quiet's API for backend/frontend communication was using an insecure, not constant-time comparison function for tok...

PT-2025-17727

Name of the Vulnerable Software and Affected Versions Spring Security affected versions not specified Description The issue introduces a username enumeration vector. It affects the BCryptPasswordEncoder's maximum password length, which breaks timing attack mitigation. Recommendations At the momen...

Debian dla-3846 : libmojolicious-perl - security update

The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3846 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3846-1 [email protected] https://www.debian.org/lts/security/...

1Panel's password verification is suspected to have a timing attack vulnerability

Summary 源码中密码校验处使用 != 符号，而不是hmac.Equal，这可能导致产生计时攻击漏洞，从而爆破密码。 建议使用 hmac.Equal 比对密码。 Translation: The source code uses the != symbol instead of hmac.Equal for password verification, which may lead to timing attack vulnerabilities that can lead to password cracking. It is recommended to use hmac...

GHSA-6M9H-2PR2-9J8F 1Panel's password verification is suspected to have a timing attack vulnerability

Summary 源码中密码校验处使用 != 符号，而不是hmac.Equal，这可能导致产生计时攻击漏洞，从而爆破密码。 建议使用 hmac.Equal 比对密码。 Translation: The source code uses the != symbol instead of hmac.Equal for password verification, which may lead to timing attack vulnerabilities that can lead to password cracking. It is recommended to use hmac...

PT-2024-12938 · Apache · Apache Doris

Name of the Vulnerable Software and Affected Versions: Apache Doris versions prior to 2.0.0 Apache Doris version 1.2.8 and earlier Description: The authentication method in Apache Doris was vulnerable to timing attacks. This issue allows attackers to potentially exploit the system. Users are...

Debian: Security Advisory (DLA-3660-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...