EUVD-2026-15344

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp with the correct function, cryptomemneq...

CVE-2026-23364

CVE-2026-23364 concerns the Linux kernel’s ksmbd path, where MAC comparisons were not performed in constant time. The underlying issue is a timing-attack-prone memcmp() usage; the recommended fix is to replace memcmp() with crypto_memneq() to ensure constant-time comparisons. The vulnerability is...

CVE-2026-23364

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp with the correct function, cryptomemneq...

CVE-2026-23364 ksmbd: Compare MACs in constant time

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp with the correct function, cryptomemneq...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from comparing MAC addresses using non-constant time functions, potentially leading to timing attacks...

CVE-2026-28475

OpenClaw versions prior to 2026.2.13 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually...

CVE-2026-28464

OpenClaw versions prior to 2026.2.12 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually...

CVE-2026-28464 OpenClaw < 2026.2.12 - Timing Attack in Hooks Token Authentication

OpenClaw versions prior to 2026.2.12 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually...

GHSA-JMM5-FVH5-GF4P OpenClaw has non-constant-time token comparison in hooks authentication

Summary OpenClaw hooks previously compared the provided hook token using a regular string comparison. Because this comparison is not constant-time, an attacker with network access to the hooks endpoint could potentially use timing measurements across many requests to gradually infer the token. In...

Trilium Notes 安全漏洞

Trilium Notes is a hierarchical note-taking application developed by Zadam, the individual developer of this project. It focuses on building large personal knowledge bases. Versions of Trilium Notes prior to 0.101.0 contained security vulnerabilities. These vulnerabilities stemmed from critical...

Azure Linux 3.0 Security Update: openssh (CVE-2024-39894)

The version of openssh installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-39894 advisory. - OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry e.g., fo...

CVE-2025-66803

Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays e.g. delaying requests based on sequence or...

MiracleLinux 4 : openssl-1.0.0-27.AXS4.2 (AXSA:2013-168:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-168:01 advisory. The OpenSSL toolkit provides support for secure communications between machines. OpenSSL includes a certificate management tool and shared libraries...

Insecure Randomness

Overview net.gleske:jervis is a Self service Jenkins job generation using Jenkins Job DSL plugin groovy scripts. Reads .jervis.yml and generates a job in Jenkins. Affected versions of this package are vulnerable to Insecure Randomness via the SecurityIO function. An attacker can predict random...

Jervis Has Weak Random for Timing Attack Mitigation

Vulnerability https://github.com/samrocketman/jervis/blob/157d2b63ffa5c4bb1d8ee2254950fd2231de2b05/src/main/groovy/net/gleske/jervis/tools/SecurityIO.groovyL593-L594 Uses java.util.Random which is not cryptographically secure. Impact If an attacker can predict the random delays, they may still be...

Jervis 安全特征问题漏洞

Jervis is an automation tool by Sam Gleske Personal Developer. A security signature issue vulnerability exists in versions prior to Jervis 2.2 that stems from the use of non-cryptographically secure java.util.Random, which may not be effective in mitigating timing attacks...

CVE-2011-0910

The cookie implementation in Vanilla Forums before 2.0.17.6 makes it easier for remote attackers to spoof signed requests, and consequently obtain access to arbitrary user accounts, via HMAC timing attacks...

PT-2026-27729

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the kernel’s ksmbd component related to Message Authentication Code MAC comparisons. The issue stems from the use of memcmp for MAC comparisons, which is susceptible to...

PT-2026-26340

Name of the Vulnerable Software and Affected Versions wolfSSL version 5.8.4 Description The software contains a flaw in the constant-time masking logic within the sp 256 get entry 256 9 function. When compiled with GCC targeting RISC-V RV32I using the -O3 optimization flag, the logic is altered...

Linux Distros Unpatched Vulnerability : CVE-2013-10031

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks CVE-2013-10031 Note that Nessus relies on the presence of the...