CVE-2024-22340 IBM Common Cryptographic Architecture information disclosure

IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack...

CVE-2024-41760

CVE-2024-41760 affects IBM Common Cryptographic Architecture (CCA) 7.0.0–7.5.51. The Red Hat advisory and IBM security bulletin confirm a timing-attack-based information disclosure during certain RSA operations, enabling an attacker to obtain sensitive data. Impact is Information Disclosure (CVE-...

CVE-2025-24023

Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows unauthenticated users to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. This vulnerability is fixed in 4.5.3...

Linux Distros Unpatched Vulnerability : CVE-2023-45287

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but...

Linux Distros Unpatched Vulnerability : CVE-2020-25658

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the...

Linux Distros Unpatched Vulnerability : CVE-2020-25659

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS1 v1.5 ciphertext...

Linux Distros Unpatched Vulnerability : CVE-2018-5407

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Simultaneous Multi-threading SMT in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port...

Flask-AppBuilder Observable Response Discrepancy

Impact User enumeration in database authentication in Flask-AppBuilder = 3.0.0. Allows for a non authenticated user to enumerate existing usernames by timing the response time from the server when brute forcing requests to login. Patches Upgrade to flask-appbuilder=4.5.3 Workarounds Downgrade...

CVE-2024-41335

Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to...

CVE-2024-41335

Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to...

CVE-2024-41335

Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to...

CVE-2024-41335

Draytek devices Vigor 165/166 prior to v4.2.6 , Vigor 2620/LTE200 prior to v3.9.8.8, Vigor 2860/2925 prior to v3.9.7, Vigor 2862/2926 prior to v3.9.9.4, Vigor 2133/2762/2832 prior to v3.9.8, Vigor 2135/2765/2766 prior to v4.4.5.1, Vigor 2865/2866/2927 prior to v4.4.5.3, Vigor 2962/3910 prior to...

CVE-2024-41335

CVE-2024-41335 affects DrayTek Vigor routers (multiple models) with vulnerable firmware versions that use insecure implementations of strcmp and memcmp. The root cause is timing-based information disclosure via these insecure comparisons, which may allow attackers to obtain sensitive data. Affect...

Security update for openssh

This update for openssh fixes the following issues: CVE-2024-39894: Fixed timing attacks against echo-off password entry bsc1227318 CVE-2024-6387: Fixed race condition in a signal handler bsc1226642. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods lik...

SUSE-SU-2025:20009-1 Security update for openssh

This update for openssh fixes the following issues: - CVE-2024-39894: Fixed timing attacks against echo-off password entry bsc1227318 - CVE-2024-6387: Fixed race condition in a signal handler bsc1226642...

CVE-2024-11862

Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption key obsolete via a timing attacks...

CVE-2024-11862

Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption key obsolete via a timing attacks...

CVE-2024-11862

CVE-2024-11862 affects Devolutions.XTS.NET (versions 2024.11.19 and earlier). The issue is a non-constant-time cryptographic operation in the Galois Field multiplications used by XTS mode, which can enable timing attacks that render half of the encryption key obsolete and downgrade security towar...

CVE-2024-11862

Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption key obsolete via a timing attacks...

LocalAI 信息泄露漏洞

LocalAI is a free, open source alternative to OpenAI from the individual developer Ettore Di Giacinto. An information disclosure vulnerability exists in LocalAI version 2.17.1, which stems from vulnerability to timing attacks that allow an attacker to compromise a cryptosystem by analyzing the ti...