JLSEC-2025-232 Side channel in RSA key generation and operations (SSBleed, M-Step)
Vulnerability: Mbed TLS's modular inversion routine and GCD routine are vulnerable to local timing attacks in a number of settings discussed below. These functions are used in RSA, making the following operations vulnerable in all configurations: - RSA key generation with any API mbedtls_rsa_gen_key...
Security update for ongres-scram (important)
openSUSE security update: security update for ongres-scram. Announcement ID: openSUSE-SU-2025-20059-1; Rating: important; References: bsc1250399; Cross-References: CVE-2025-59432; CVSS scores: CVE-2025-59432 SUSE : 6.8...
OPENSUSE-SU-2025:20059-1 Security update for ongres-scram
This update for ongres-scram fixes the following issues: - CVE-2025-59432: Fixed timing attack vulnerability in SCRAM Authentication bsc1250399...
SUSE-SU-2025:21016-1 Security update for ongres-scram
This update for ongres-scram fixes the following issues: - CVE-2025-59432: Fixed timing attack vulnerability in SCRAM Authentication bsc1250399...
SUSE CVE-2025-40204
In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time. To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...
Siemens RUGGEDCOM ROS Devices Observable Timing Discrepancy (CVE-2021-42016)
A timing attack, in a third-party component, could make the retrieval of the private key possible, used for encryption of sensitive data. If a threat actor were to exploit this, the data integrity and security could be compromised. This plugin only works with Tenable.ot. Please visit...
Django: User enumeration via timing attack in Django mod_wsgi authentication backend leads to account discovery
A vulnerability was discovered in the check_password function in django/contrib/auth/handlers/modwsgi.py. When a non-existent username was provided, the function returned immediately without performing password verification, leading to a timing attack that allowed attackers to enumerate valid...
AZL-70112 CVE-2025-40204 affecting package kernel for versions less than 6.6.117.1-1
In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time. To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...
CVE-2025-40204
In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time. To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...
CVE-2025-40204 sctp: Fix MAC comparison to be constant-time
In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time. To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a non-constant-time MAC comparison, which could lead to a timing attack...
openSUSE Security Advisory (SUSE-SU-2025:4054-1)
The remote host is missing an update for the...
Security update for ongres-scram
This update for ongres-scram fixes the following issues: CVE-2025-59432: Fixed timing attack vulnerability in SCRAM Authentication (bsc1250399). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you c...
SUSE-SU-2025:4054-1 Security update for ongres-scram
This update for ongres-scram fixes the following issues: - CVE-2025-59432: Fixed timing attack vulnerability in SCRAM Authentication bsc1250399...
Timing Attack
Dragonfly is vulnerable to Timing Attack. The vulnerability is due to the use of simple string comparisons in the Proxy feature’s access control mechanism, which allows an attacker to guess the password one character at a time by analyzing response time variations...
Timing Attack
com.ongres.scram:scram-common is vulnerable to Timing Attack. The vulnerability is due to the use of Arrays.equals for comparing sensitive authentication values, which performs short-circuit evaluations and causes variable execution times, allowing an attacker to exploit timing differences to inf...
Timing Attack
Overview: Affected versions of this package are vulnerable to Timing Attack via discrepancies in processing invalid padding errors in legacy API mbedtls_cipher_crypt and mbedtls_cipher_finish functions and in the PSA Crypto API psa_cipher_decrypt and psa_cipher_finish functions when handling any other...
EUVD-2025-35113
Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd...
CVE-2025-54764
Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ea...
ALPINE-CVE-2025-54764
Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd...