920 matches found
CVE-2026-43384
In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...
CVE-2026-43384 net/tcp-ao: Fix MAC comparison to be constant-time
In the Linux kernel, the following vulnerability has been resolved: net/tcp-ao: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...
CVE-2026-43383 net/tcp-md5: Fix MAC comparison to be constant-time
In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...
CVE-2026-43383
In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...
CVE-2026-43383
CVE-2026-43383 affects the Linux kernel’s TCP MD5 signature handling. The root cause is a non-constant-time MAC comparison, enabling potential timing attacks. The vulnerability is addressed by changing the MAC comparison to a constant-time implementation using the appropriate helper function. The...
CVE-2026-43383
In the Linux kernel, the following vulnerability has been resolved: net/tcp-md5: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that the MAC comparison in tcp-ao does not use a constant time, potentially leading to timing...
PT-2026-39045
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A timing attack issue exists in the TCP Authentication Option TCP-AO implementation. The Message Authentication Code MAC comparison was not performed in constant-time, which could allow ...
PT-2026-39044
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A timing attack is possible because Message Authentication Codes MACs are not compared in constant time. This allows an attacker to potentially deduce information by measuring the time t...
GHSA-53HJ-R94P-8C8F Kanidm has non-constant-time comparison of OAuth2 client_secret
Summary The kanidmd OAuth2 token-exchange /oauth2/token and token-introspection /oauth2/token/introspect endpoints compare the supplied clientsecret against the stored secret using Rust's PartialEq on String, which short-circuits on the first mismatching byte. This produces an observable timing...
GHSA-248H-974Q-XRC2 axonflow-sdk-java: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification
Summary The AxonFlow SDK's WebhookSubscription or equivalent type did not expose the HMAC-SHA256 signing key returned by the platform's CreateWebhook endpoint. Without access to the secret through the typed SDK API, callers had no path to verify the X-AxonFlow-Signature header on incoming webhook...
axonflow-sdk-java: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification
Summary The AxonFlow SDK's WebhookSubscription or equivalent type did not expose the HMAC-SHA256 signing key returned by the platform's CreateWebhook endpoint. Without access to the secret through the typed SDK API, callers had no path to verify the X-AxonFlow-Signature header on incoming webhook...
RHEL 7 / 8 / 9 : Red Hat JBoss Enterprise Application Platform 7.4.24 (RHSA-2026:12267)
The remote Redhat Enterprise Linux 7 / 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:12267 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This...
CVE-2026-41263
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows an attacker to enumerate valid usernames through response-time differences. The variable intended to ho...
CVE-2026-41263 Traefik: BasicAuth middleware: timing side-channel vulnerability
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows an attacker to enumerate valid usernames through response-time differences. The variable intended to ho...
CVE-2026-41263 Traefik: BasicAuth middleware: timing side-channel vulnerability
Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows an attacker to enumerate valid usernames through response-time differences. The variable intended to ho...
bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA core. A covert timing channel vulnerability, caused by non-constant time comparisons, risks the leakage of private keys in the FrodoKEM implementation. An unauthenticated, remote attacker can potentially exploit this timing discrepancy ...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
bouncycastle: BC-JAVA: private key leakage via non-constant time comparisons
A flaw was found in Legion of the Bouncy Castle Inc. BC-JAVA core. A covert timing channel vulnerability, caused by non-constant time comparisons, risks the leakage of private keys in the FrodoKEM implementation. An unauthenticated, remote attacker can potentially exploit this timing discrepancy ...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.24 security update
A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...