207 matches found
PT-2026-28187
Name of the Vulnerable Software and Affected Versions: Database Backup for WordPress versions prior to 2.5.3. Description: An authorization bypass exists because the plugin fails to restrict access to the wp db temp dir parameter, which determines the storage location for database backups...
JLSEC-2025-200 Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by ...
Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import...
Systematic Assessment of Cache Timing Vulnerabilities on RISC-V Processors
While interest in the open RISC-V instruction set architecture is growing, tools to assess the security of concrete processor implementations are lacking. There are dedicated tools and benchmarks for common microarchitectural side-channel vulnerabilities for popular processor families such as Int...
EUVD-2020-7306
Malware in sbrugna...
EUVD-2023-1119
Malicious code in bioql PyPI...
EUVD-2022-48288
Malicious code in bioql PyPI...
Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.
...
Linux Distros Unpatched Vulnerability : CVE-2020-15309
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key...
Linux Distros Unpatched Vulnerability : CVE-2021-26933
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Xen 4.9 through 4.14.x. On Arm, a guest is allowed to control whether memory accesses are bypassing the cache. This means that Xen...
Linux Distros Unpatched Vulnerability : CVE-2024-45191
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to...
Linux Distros Unpatched Vulnerability : CVE-2016-7439
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The C software implementation of RSA in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover RSA keys by leveraging cache-bank hit...
Linux Distros Unpatched Vulnerability : CVE-2024-45192
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. This refers to th...
CVE-2025-8774 riscv-boom SonicBOOM L1 Data Cache timing discrepancy
A vulnerability has been found in riscv-boom SonicBOOM up to 2.2.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component L1 Data Cache Handler. The manipulation leads to observable timing discrepancy. Local access is required to approach this...
riscv-boom SonicBOOM security vulnerability
riscv-boom SonicBOOM is SonicBOOM, the open source Berkeley Out-of-Order RISC-V Processor. A security vulnerability exists in riscv-boom SonicBOOM 2.2.3 and earlier versions, which stems from an observable timing difference issue in the component L1 Data...
CVE-2020-15309
An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations...
Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to an Observable Timing Discrepancy in Vault (CVE-2023-25000)
Summary: Vault is used by IBM Storage Fusion Data Foundation in mcg, ocs, odr, cephcsi, and odr operators as part of credential management. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2023-25000. Vulnerability Details...
Linux Distros Unpatched Vulnerability : CVE-2018-0737
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cach...
OESA-2024-2472 curl security update
cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later th...
SUSE CVE-2024-45192
An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session keys. This refers to the libolm implementation of Olm. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2024-45191
An issue was discovered in Matrix libolm through 3.2.16. The AES implementation is vulnerable to cache-timing attacks due to use of S-boxes. This is related to software that uses a lookup table for the SubWord step. This refers to the libolm implementation of Olm. NOTE: This vulnerability only...