EUVD-2023-1119

Malicious code in bioql PyPI...

User Enumeration

mautic/core is vulnerable to user enumeration. The vulnerability is due to differing response times between valid and invalid usernames, which allows an attacker to enumerate valid accounts and subsequently attempt brute-force attacks...

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via SM2 algorithm implementation on 64 bit ARM platforms. An attacker can recover private keys by performing high-precision timing measurements in a specialized attack setup. Note: Since OpenSSL does not directly support...

DivvyDrive Web 安全漏洞

DivvyDrive Web is a file management and sharing system from the Turkish company DivvyDrive. A security vulnerability exists in DivvyDrive Web versions 4.8.2.2 through prior to 4.8.2.15, which stems from the presence of an observable timing difference that could lead to a cross-domain search timin...

SUSE CVE-2025-59432

SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...

CVE-2025-59432

SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...

UBUNTU-CVE-2025-59432

SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...

CVE-2025-59432

SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...

CVE-2025-59432 Timing Attack Vulnerability in SCRAM Authentication

SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...

CVE-2025-59432 Timing Attack Vulnerability in SCRAM Authentication

SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...

CVE-2025-59432 Timing Attack Vulnerability in SCRAM Authentication

SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...

CVE-2025-59432

SCRAM timing attack (CVE-2025-59432) affects the SCRAM Java implementation prior to v3.2 due to using Arrays.equals to compare secret values, causing variable execution time. It can enable a timing side‑channel to infer authentication material. The issue is mitigated by using constant-time compar...

curl: Timing Attack Vulnerability in curl Digest Authentication via Non-Constant-Time String Comparison

Summary: A timing attack vulnerability exists in curl's Digest Authentication implementation due to the use of non-constant-time string comparison strcmp when comparing authentication algorithms in digest.c line 360. This allows attackers to determine the supported authentication algorithm throug...

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the Proxy authentication. An attacker can obtain sensitive authentication information by exploiting differences in response times during password validation. Remediation Upgrade d7y.io/dragonfly/v2/client/daemon/proxy ...

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the Proxy authentication. An attacker can obtain sensitive authentication information by exploiting differences in response times during password validation. Remediation Upgrade...

GHSA-C2FC-9Q9C-5486 Dragonfly vulnerable to timing attacks against Proxy’s basic authentication

Impact The access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time by sending all possible characters to a vulnerable mechanism and measuring the comparison...

Dragonfly vulnerable to timing attacks against Proxy’s basic authentication

Impact The access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time by sending all possible characters to a vulnerable mechanism and measuring the comparison...

CVE-2025-59350 Timing attacks against Proxy’s basic authentication are possible

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time...

CVE-2025-59350 Timing attacks against Proxy’s basic authentication are possible

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time...

CVE-2025-59350 Timing attacks against Proxy’s basic authentication are possible

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the access control mechanism for the Proxy feature uses simple string comparisons and is therefore vulnerable to timing attacks. An attacker may try to guess the password one character at a time...