CVE-2025-7071

Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS7 decrypt operations...

PT-2025-35196

Name of the Vulnerable Software and Affected Versions: Oberon PSA Crypto library versions 1.0.0 through 1.5.0 Description: A padding oracle attack allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS7 decrypt operations. Recommendations: Update to version 1.5.1 or late...

PT-2025-35195

Name of the Vulnerable Software and Affected Versions: ocrypto versions 3.1.0 through 3.9.1 Description: A padding oracle attack allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS7 decrypt operations. Recommendations: Update to a version later than 3.9.1...

Linux Distros Unpatched Vulnerability : CVE-2021-33880

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The aaugustin websockets library before 9.1 for Python has an Observable Timing Discrepancy on servers when HTTP Basic Authentication is enabled with...

Linux Distros Unpatched Vulnerability : CVE-2024-13939

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in...

Linux Distros Unpatched Vulnerability : CVE-2021-32921

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Prosody before 0.11.9. It does not use a constant-time algorithm for comparing certain secret strings when running under Lua 5.2 or...

Linux Distros Unpatched Vulnerability : CVE-2017-8342

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing oracles and simple brute-force attacks when using the htpasswd authentication method...

Linux Distros Unpatched Vulnerability : CVE-2016-1000236

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Node-cookie-signature before 1.0.6 is affected by a timing attack due to the type of comparison used. CVE-2016-1000236 Note that Nessus relies on the presence o...

Linux Distros Unpatched Vulnerability : CVE-2023-0361

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypt...

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the password encryptor during the login process. An attacker can determine the existence of user accounts by analyzing differences in server response times to crafted authentication requests. Remediation Upgrade...

Timing Attack

Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Timing Attack via the password encryptor during the login process. An attacker can determine the existence of user accounts by analyzing differences in server...

Timing Attack

Overview Affected versions of this package are vulnerable to Timing Attack via the password encryptor during the login process. An attacker can determine the existence of user accounts by analyzing differences in server response times to crafted authentication requests. Remediation Upgrade...

Linux Distros Unpatched Vulnerability : CVE-2016-1000341

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Bouncy Castle JCE Provider version 1.55 and earlier DSA signature generation is vulnerable to timing attack. Where timings can be closely observed for th...

Linux Distros Unpatched Vulnerability : CVE-2021-38153

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such...

Ubuntu 22.04 LTS / 24.04 LTS / 25.04 : Request Tracker vulnerabilities (USN-7692-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7692-1 advisory. It was discovered that Request Tracker was susceptible to timing attacks. An attacker could possibly use this issue to access sensiti...

PT-2025-46761

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s SCTP implementation related to Message Authentication Code MAC comparison. The MAC comparison was not performed in constant time, potentially allowing...

Linux Distros Unpatched Vulnerability : CVE-2024-45192

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. This refers to th...

Linux Distros Unpatched Vulnerability : CVE-2022-45416

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Keyboard events reference strings like KeyA that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have...

USN-7692-1 request-tracker5 vulnerabilities

It was discovered that Request Tracker was susceptible to timing attacks. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 22.04 LTS. CVE-2021-38562 It was discovered that Request Tracker was susceptible to cross-site scripting attacks whe...

SUSE CVE-2025-54999

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, when using OpenBao's userpass auth method, user enumeration was possible due to timing difference between non-existent users an...