Lucene search
K

33 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/21 7:34 a.m.7 views

CVE-2026-44061

Netatalk 1.5.0 through 4.4.2 uses DES-ECB for authentication with a timing side channel, which allows a remote attacker to recover authentication credentials via timing analysis...

5.9CVSS5.8AI score0.00389EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/06 10:40 p.m.10 views

pyquorum: Timing side‑channel in mul_mod

Impact The mulmod function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the second operand the exponent. An attacker who can measure the time of secret‑sharing operations e.g., via a remote service could progressively recover the valu...

6.9CVSS6AI score0.00314EPSS
Exploits0References5Affected Software1
SUSE CVE
SUSE CVE
added 2026/02/05 12:47 a.m.11 views

SUSE CVE-2025-13473

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.checkpassword function for authentication via modwsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...

7.5CVSS5.4AI score0.00713EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-31728

Malicious code in bioql PyPI...

6.5CVSS6.2AI score0.02234EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/09/30 1:17 p.m.17 views

CVE-2025-9231 Timing side-channel in SM2 algorithm on 64 bit ARM

Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private...

0.02234EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/09/30 1:17 p.m.3 views

CVE-2025-9231 Timing side-channel in SM2 algorithm on 64 bit ARM

Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private...

6.3AI score0.02234EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/09/30 12:0 a.m.4 views

PT-2025-39987

Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to 3.5.4 OpenSSL versions prior to 3.4.3 OpenSSL versions prior to 3.3.5 OpenSSL versions prior to 3.2.6 Description A timing side-channel exists in the SM2 algorithm implementation on 64-bit ARM platforms, potentially...

7.5CVSS7.2AI score0.02234EPSS
Exploits0References54
Packet Storm News
Packet Storm News
added 2025/07/22 12:0 a.m.7 views

GATEBLEED: Exploiting On-Core Accelerator Power Gating for High Performance and Stealthy Attacks on AI

As power consumption from AI training and inference continues to increase, AI accelerators are being integrated directly into the CPU. Intel's Advanced Matrix Extensions AMX is one such example, debuting on the 4th generation Intel Xeon Scalable CPU. We discover a timing side and covert channel,...

6.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 12:28 a.m.6 views

CVE-2022-4823

A vulnerability, which was classified as problematic, was found in InSTEDD Nuntium. Affected is an unknown function of the file app/controllers/geopollcontroller.rb. The manipulation of the argument signature leads to observable timing discrepancy. It is possible to launch the attack remotely. Th...

5.9CVSS7AI score0.0063EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:19 a.m.12 views

CVE-2012-5607

The "Lost Password" reset functionality in ownCloud before 4.0.9 and 4.5.0 does not properly check the security token, which allows remote attackers to change an accounts password via unspecified vectors related to a "Remote Timing Attack."...

5CVSS7.2AI score0.02102EPSS
Exploits0References1
Amd
Amd
added 2022/06/14 12:0 a.m.42 views

Frequency Scaling Timing Power Side-Channels

Bulletin ID: AMD-SB-1038 Potential Impact: Information Disclosure Severity: Medium Summary AMD is aware of the academic research paper titled “Hertzbleed: Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86”. AMD has been notified the researchers intend to submit their paper to...

6.5CVSS6.3AI score0.01044EPSS
Exploits0
OSV
OSV
added 2022/03/26 12:22 a.m.25 views

GHSA-Q8HG-PF8V-CXRV Symfony Http-Kernel has non-constant time comparison in UriSigner

When checking the signature of an URI an ESI fragment URL for instance, the URISigner did not used a constant time string comparison function, resulting in a potential remote timing attack vulnerability...

8.1CVSS7.9AI score0.01338EPSS
Exploits0References13
Github Security Blog
Github Security Blog
added 2022/03/26 12:22 a.m.31 views

Symfony Http-Kernel has non-constant time comparison in UriSigner

When checking the signature of an URI an ESI fragment URL for instance, the URISigner did not used a constant time string comparison function, resulting in a potential remote timing attack vulnerability...

8.1CVSS7.8AI score0.01338EPSS
Exploits0References14Affected Software2
The Hacker News
The Hacker News
added 2020/07/31 9:39 a.m.66 views

New Attack Leverages HTTP/2 for Effective Remote Timing Side-Channel Leaks

Security researchers have outlined a new technique that renders a remote timing-based side-channel attack more effective regardless of the network congestion between the adversary and the target server. Remote timing attacks that work over a network connection are predominantly affected by...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2019/11/22 12:0 a.m.23 views

Symfony 2.8.0 <= 2.8.51, 3.4.0 <= 3.4.34, 4.2.0 <= 4.2.11 and 4.3.0 <= 4.3.7 Multiple Vulnerabilities

Symfony is prone to multiple vulnerabilities. Copyright C 2019 Greenbone Networks GmbH, https://www.greenbone.net SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the...

8.1CVSS7.9AI score0.02248EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/09/12 12:0 a.m.41 views

FreeBSD : OpenSSL -- Multiple vulnerabilities (9e0c6f7a-d46d-11e9-a1c7-b499baebfeaf)

The OpenSSL project reports : ECDSA remote timing attack CVE-2019-1547 Low Fork Protection CVE-2019-1549 Low OpenSSL 1.1.1 only C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2019 Jacques...

5.3CVSS6.9AI score0.06232EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2019/09/11 1:9 p.m.2 views

NetCAT: New Attack Lets Hackers Remotely Steal Data From Intel CPUs

Unlike previous side-channel vulnerabilities disclosed in Intel CPUs, researchers have discovered a new flaw that can be exploited remotely over the network without requiring an attacker to have physical access or any malware installed on a targeted computer. DubbedNetCAT , short for Network Cach...

4.8CVSS6.8AI score0.00753EPSS
Exploits0
FreeBSD
FreeBSD
added 2019/09/10 12:0 a.m.45 views

OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports: ECDSA remote timing attack CVE-2019-1547 Low Fork Protection CVE-2019-1549 Low OpenSSL 1.1.1 only...

5.3CVSS2.8AI score0.06232EPSS
Exploits0References1
Openbugbounty
Openbugbounty
added 2018/03/29 1:5 a.m.15 views

lydian.astro.ulg.ac.be Improper Access Control vulnerability

Open Bug Bounty ID: OBB-593281 Description| Value ---|--- Affected Website:| lydian.astro.ulg.ac.be Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| IAC Improper Access Control / CWE-284 CVSSv3 Score:| 6.5...

6.7AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2016/03/04 12:0 a.m.32 views

Fedora 22 : php-symfony-2.7.7-2.fc22 / php-twig-1.23.1-2.fc22 (2015-0b89738311)

Twig 1.23.1 2015-11-05 fixed some exception messages which triggered PHP warnings fixed BC on TwigTestNodeTestCase Twig 1.23.0 2015-10-29 - deprecated the possibility to override an extension by registering another one with the same name deprecated TwigExtensionInterface::getGlobals added...

7.5CVSS5.6AI score0.02712EPSS
Exploits1References5
Rows per page
Query Builder