33 matches found
CVE-2026-44061
Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis...
pyquorum: Timing side‑channel in mul_mod
Impact The mulmod function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the second operand the exponent. An attacker who can measure the time of secret‑sharing operations e.g., via a remote service could progressively recover the valu...
SUSE CVE-2025-13473
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...
EUVD-2025-31728
Malicious code in bioql PyPI...
CVE-2025-9231 Timing side-channel in SM2 algorithm on 64 bit ARM
Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private...
CVE-2025-9231 Timing side-channel in SM2 algorithm on 64 bit ARM
Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private...
PT-2025-39987
Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 3.5.4 OpenSSL versions prior to 3.4.3 OpenSSL versions prior to 3.3.5 OpenSSL versions prior to 3.2.6 Description A timing side-channel exists in the SM2 algorithm implementation on 64-bit ARM platforms, potentially...
GATEBLEED: Exploiting On-Core Accelerator Power Gating for High Performance and Stealthy Attacks on AI
As power consumption from AI training and inference continues to increase, AI accelerators are being integrated directly into the CPU. Intel's Advanced Matrix Extensions AMX is one such example, debuting on the 4th generation Intel Xeon Scalable CPU. We discover a timing side and covert channel,...
CVE-2022-4823
A vulnerability, which was classified as problematic, was found in InSTEDD Nuntium. Affected is an unknown function of the file app/controllers/geopollcontroller.rb. The manipulation of the argument signature leads to observable timing discrepancy. It is possible to launch the attack remotely. Th...
CVE-2012-5607
The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a "Remote Timing Attack."...
Frequency Scaling Timing Power Side-Channels
Bulletin ID: AMD-SB-1038 Potential Impact: Information Disclosure Severity: Medium Summary AMD is aware of the academic research paper titled “Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86”. AMD has been notified the researchers intend to submit their paper to...
GHSA-Q8HG-PF8V-CXRV Symfony Http-Kernel has non-constant time comparison in UriSigner
When checking the signature of an URI an ESI fragment URL for instance, the URISigner did not used a constant time string comparison function, resulting in a potential remote timing attack vulnerability...
Symfony Http-Kernel has non-constant time comparison in UriSigner
When checking the signature of an URI an ESI fragment URL for instance, the URISigner did not used a constant time string comparison function, resulting in a potential remote timing attack vulnerability...
New Attack Leverages HTTP/2 for Effective Remote Timing Side-Channel Leaks
Security researchers have outlined a new technique that renders a remote timing-based side-channel attack more effective regardless of the network congestion between the adversary and the target server. Remote timing attacks that work over a network connection are predominantly affected by...
Symfony 2.8.0 <= 2.8.51, 3.4.0 <= 3.4.34, 4.2.0 <= 4.2.11 and 4.3.0 <= 4.3.7 Multiple Vulnerabilities
Symfony is prone to multiple vulnerabilities. Copyright C 2019 Greenbone Networks GmbH, https://www.greenbone.net SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the...
FreeBSD : OpenSSL -- Multiple vulnerabilities (9e0c6f7a-d46d-11e9-a1c7-b499baebfeaf)
The OpenSSL project reports : ECDSA remote timing attack CVE-2019-1547 Low Fork Protection CVE-2019-1549 Low OpenSSL 1.1.1 only C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2019 Jacques...
NetCAT: New Attack Lets Hackers Remotely Steal Data From Intel CPUs
Unlike previous side-channel vulnerabilities disclosed in Intel CPUs, researchers have discovered a new flaw that can be exploited remotely over the network without requiring an attacker to have physical access or any malware installed on a targeted computer. DubbedNetCAT , short for Network Cach...
OpenSSL -- Multiple vulnerabilities
The OpenSSL project reports: ECDSA remote timing attack CVE-2019-1547 Low Fork Protection CVE-2019-1549 Low OpenSSL 1.1.1 only...
lydian.astro.ulg.ac.be Improper Access Control vulnerability
Open Bug Bounty ID: OBB-593281 Description| Value ---|--- Affected Website:| lydian.astro.ulg.ac.be Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...
Fedora 22 : php-symfony-2.7.7-2.fc22 / php-twig-1.23.1-2.fc22 (2015-0b89738311)
Twig 1.23.1 2015-11-05 fixed some exception messages which triggered PHP warnings fixed BC on TwigTestNodeTestCase Twig 1.23.0 2015-10-29 - deprecated the possibility to override an extension by registering another one with the same name deprecated TwigExtensionInterface::getGlobals added...