
28 matches found

OSV
added 2026/05/21 10:16 p.m. · 2 views

DEBIAN-CVE-2026-5091

Catalyst::Plugin::Authentication versions through 0.10024 for Perl are susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying hash or password...

CVSS 5.1 · AI score 5.8 · EPSS 0.00007
Exploits 0 · References 1
Snyk
added 2026/03/19 10:46 p.m. · 3 views

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure in the muldi3 process. An attacker can infer sensitive cryptographic data by measuring execution time variations during cryptographic operations on RISC-V RV32I architectures. Remediation: Upgrade wolfssl to version...

CVSS 5.9 · AI score 5.9 · EPSS 0.00012
Exploits 0 · References 2
Tenable Nessus
added 2026/03/19 12:00 a.m. · 2 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Bouncy Castle vulnerabilities (USN-8108-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8108-1 advisory. It was discovered that Bouncy Castle did not sanitize user input when inserting it into an LDAP search...

CVSS 7.5 · AI score 6.8 · EPSS 0.00326
Exploits 0 · References 7
OSV
added 2025/11/12 10:15 p.m. · 0 views

DEBIAN-CVE-2025-40204

In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time. To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

AI score 5.1 · EPSS 0.00058
Exploits 0 · References 1
Ubuntu
added 2025/08/13 3:40 p.m. · 2 views

USN-7692-1: Request Tracker vulnerabilities

It was discovered that Request Tracker was susceptible to timing attacks. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 22.04 LTS. (CVE-2021-38562) It was discovered that Request Tracker was susceptible to cross-site scripting attacks whe...

CVSS 7.5 · AI score 7.3 · EPSS 0.0106
Exploits 0
Veracode
added 2025/03/19 4:15 a.m. · 7 views

Use Of A Cryptographic Primitive With A Risky Implementation

postquantumfeldmanvss is vulnerable to Use of a Cryptographic Primitive with a Risky Implementation. The vulnerability is due to ineffective redundancy checks and timing leaks, allowing an attacker to bypass security mechanisms, extract secret polynomial coefficients, and manipulate commitment...

CVSS 5.4 · AI score 6.8 · EPSS 0.00036
Exploits 0 · References 5 · Affected Software 1
OSV
added 2025/03/14 5:24 p.m. · 2 views

CVE-2025-29779 Post-Quantum Secure Feldman's Verifiable Secret Sharing has Inadequate Fault Injection Countermeasures in `secure_redundant_execution`

Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.8.0b2 and prior, the `secure_redundant_execution` function in feldmanvss.py attempts to mitigate fault injection attacks by executing a function...

CVSS 5.4 · AI score 6.6 · EPSS 0.00036
Exploits 0 · References 5
OSV
added 2025/01/06 11:34 a.m. · 0 views

USN-7180-1 python2.7 vulnerabilities

It was discovered that Python incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code or cause a crash. (CVE-2022-48560) It was discovered that Python did not properly handle XML entity declarations in plist files. An attacker could possibly use this...

CVSS 9.8 · AI score 7 · EPSS 0.07274
Exploits 8 · References 6
Github Security Blog
added 2024/04/25 6:31 p.m. · 23 views

PHPECC vulnerable to multiple cryptographic side-channel attacks

ECDSA Canonicalization: PHPECC is vulnerable to malleable ECDSA signature attacks. Constant-Time Signer: When generating a new ECDSA signature, the GMPMath adapter was used. This class wraps the GNU Multiple Precision arithmetic library (GMP), which does not aim to provide constant-time implementatio...

AI score 6.5
Exploits 0 · References 3 · Affected Software 1
Friends Of PHP
added 2024/04/24 12:02 p.m. · 23 views

mdanter/ecc affected by timing vulnerability in cryptographic side-channels

phpecc, as used in all versions of mdanter/ecc, as well as paragonie/ecc before 2.0.1, has a branch-based timing leak in Point addition. This Composer package is also known as phpecc/phpecc on GitHub, previously known as the Matyas Danter ECC library. Paragon Initiative Enterprises hard-forked...

CVSS 4.3 · AI score 4.5 · EPSS 0.00119
Exploits 0 · Affected Software 1
Snyk
added 2024/04/11 8:09 a.m. · 3 views

Observable Discrepancy

Overview: org.bouncycastle:bcprov-jdk15on is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Observable Discrepancy due to the timing difference between exceptions thrown when processing RSA key exchange handshakes, AKA Marvin. Note: The...

CVSS 5.9 · AI score 6.9 · EPSS 0.00142
Exploits 0 · References 2
SUSE CVE
added 2023/12/07 2:05 a.m. · 2 views

SUSE CVE-2023-45287

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...

CVSS 7.5 · AI score 7 · EPSS 0.00185
Exploits 0 · References 3
OSV
added 2023/12/05 5:15 p.m. · 0 views

AZL-34764 CVE-2023-45287 affecting package golang for versions less than 1.20.0-1

Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS1 padding may leak timing...

CVSS 7.5 · AI score 6.8 · EPSS 0.00185
Exploits 0 · References 1
CNNVD
added 2023/01/08 12:00 a.m. · 2 views

Barzahlen Payment Module PHP SDK security vulnerability

Barzahlen Payment Module PHP SDK is a Barzahlen PHP library. A security vulnerability exists in Barzahlen Payment Module PHP SDK versions prior to 2.0.1, which stems from faulty validation in a function in the file src/Webhook.php, which can lead to observable timing differences...

CVSS 5.3 · AI score 4.9 · EPSS 0.004
Exploits 0 · References 6
OSV
added 2022/11/16 1:25 p.m. · 0 views

USN-5726-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the contents of the addressbar, bypass security restrictions, cross-site tracing or execute arbitra...

CVSS 9.8 · AI score 7 · EPSS 0.00941
Exploits 0 · References 20
Positive Technologies
added 2022/09/11 12:00 a.m. · 2 views

PT-2022-7383 · Dell · Dell Bsafe Crypto-C Micro Edition +1

Name of the Vulnerable Software and Affected Versions: Dell BSAFE Crypto-C Micro Edition versions before 4.1.5; Dell BSAFE Micro Edition Suite versions before 4.6. Description: The issue is related to an Observable Timing Discrepancy, which can be exploited to reveal protected information. This is...

CVSS 5.1 · AI score 9.5 · EPSS 0.00217
Exploits 0 · References 5
RedhatCVE
added 2022/01/28 3:27 p.m. · 25 views

CVE-2021-34337

A timing attack was found in the mailman administrative REST API due to the usage of a simple string comparison function when checking the password. This flaw allows an attacker who can talk to the REST API to discover the admin password due to timing leaks...

CVSS 7.4 · AI score 3.2 · EPSS 0.00207
Exploits 0 · References 3
Prion
added 2021/08/02 8:15 p.m. · 12 views

Code injection

common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison...

CVSS 5 · AI score 7.5 · EPSS 0.00316
Exploits 1 · References 2 · Affected Software 1
OSV
added 2020/09/16 1:58 p.m. · 0 views

USN-4504-1 openssl, openssl1.0 vulnerabilities

Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed i...

CVSS 5.3 · AI score 6.6 · EPSS 0.02801
Exploits 0 · References 5
OSV
added 2020/05/26 12:00 a.m. · 0 views

UBUNTU-CVE-2020-12399

NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird 68.9.0, Firefox 77, and Firefox ESR 68.9...

CVSS 4.4 · AI score 6.7 · EPSS 0.0009
Exploits 0 · References 9