Lucene search
K

191 matches found

Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.12 views

PT-2026-32627

A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which induce non-constant...

4.6CVSS6AI score0.00241EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/03/03 12:0 a.m.32 views

Kraken: Higher-Order EM Side-Channel Attacks on DNNs in near and Far Field

The multi-million dollar investment required for modern machine learning ML has made large ML models a prime target for theft. In response, the field of model stealing has emerged. Attacks based on physical side-channel information have shown that DNN model extraction is feasible, even on CUDA...

6AI score
Exploits0
NVD
NVD
added 2026/03/02 10:16 p.m.4 views

CVE-2026-3337

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...

8.2CVSS0.01079EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 9 : buildah-1.33.6-2.el9 (AXSA:2024-7786:03)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7786:03 advisory. golang: net/http/internal: Denial of Service DoS via Resource Consumption via HTTP requests CVE-2023-39326 golang: crypto/tls: Timing Side Channel...

7.5CVSS7.6AI score0.0125EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.10 views

MiracleLinux 9 : runc-1.1.12-2.el9 (AXSA:2024-7794:03)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7794:03 advisory. golang: io/fs: stack exhaustion in Glob CVE-2022-30630 golang: compress/gzip: stack exhaustion in Reader.Read CVE-2022-30631 golang: path/filepath:...

7.5CVSS7.1AI score0.01618EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

MiracleLinux 4 : java-1.7.0-openjdk-1.7.0.231-2.6.19.1.AXS4 (AXSA:2019-3940:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3940:03 advisory. OpenJDK: Side-channel attack risks in Elliptic Curve EC cryptography Security, 8208698 CVE-2019-2745 OpenJDK: Insufficient checks of suppressed...

5.8CVSS6.7AI score0.04351EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/12/15 2:35 p.m.4 views

CVE-2025-13912

Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into non-constant-time binary by LLVM optimizations, which can potentially result in observable timing discrepancies and lead to information disclosure through timing side-channel attacks...

1CVSS6.3AI score0.00124EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/11 12:3 a.m.7 views

CVE-2025-63094

XiangShan Nanhu V2 and XiangShan Kunmighu V3 were discovered to use speculative execution and indirect branch prediction, allowing attackers to access sensitive information via side-channel analysis of the data cache...

7.5CVSS7AI score0.0049EPSS
Exploits1References1
CVE
CVE
added 2025/12/10 12:0 a.m.23 views

CVE-2025-63094

XiangShan Nanhu V2 and XiangShan Kunmighu V3 are affected by a speculative execution/indirect branch prediction vulnerability that enables side-channel access to data in the cache, allowing potential disclosure of sensitive information. Exploitation details are not provided in the connected docum...

7.5CVSS6.6AI score0.0049EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.5 views

XiangShan安全漏洞

XiangShan is an open source high performance RISC-V processor project open sourced by XiangShan in China. A security vulnerability exists in XiangShan that stems from speculative execution and indirect branch prediction that could lead to a side-channel analysis attack...

7.5CVSS6.6AI score0.0049EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/10/06 12:0 a.m.12 views

RockyLinux 10 : delve and golang (RLSA-2025:7466)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:7466 advisory. golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints CVE-2024-45341 golang: net/http: net/http: sensitive headers...

6.1CVSS6.6AI score0.00647EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-56113

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.00244EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/10/01 12:0 a.m.5 views

OpenSSL Timing Side-Channel Vulnerability (20250930, CVE-2025-9231) - Windows

OpenSSL is prone to a timing side-channel vulnerability in SM2 algorithm on 64 bit ARM. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.5CVSS6.9AI score0.02234EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2025/10/01 12:0 a.m.4 views

OpenSSL Timing Side-Channel Vulnerability (20250930, CVE-2025-9231) - Linux

OpenSSL is prone to a timing side-channel vulnerability in SM2 algorithm on 64 bit ARM. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.5CVSS6.9AI score0.02234EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/09/30 12:0 a.m.6 views

OpenSSL 3.3.0 < 3.3.5 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.3.5. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.3.5 advisory. - Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm...

7.5CVSS6.7AI score0.02234EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2025/09/18 12:0 a.m.6 views

AlmaLinux 9 : mysql:8.4 (ALSA-2025:16046)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:16046 advisory. openssl: Timing side-channel in ECDSA signature computation CVE-2024-13176 mysql: mysqldump unspecified vulnerability CPU Apr 2025 CVE-2025-30722 mysql:...

7.5CVSS6.4AI score0.01226EPSS
Exploits2References55
Microsoft CVE
Microsoft CVE
added 2025/09/04 5:30 a.m.4 views

Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

...

4CVSS8.4AI score0.00284EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2018-20187

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to deriv...

5.9CVSS6AI score0.01525EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2025/08/12 8:23 a.m.2 views

Security update for libgcrypt

This update for libgcrypt fixes the following issues: CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts bsc1221107. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

5.9CVSS9.8AI score0.01114EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.5 views

SUSE SLES15: libgcrypt-devel / libgcrypt-devel-32bit / libgcrypt20 / etc (SUSE-SU-2025:02752-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02752-1 advisory. - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts bsc1221107. Tenable has...

5.9CVSS6.6AI score0.01114EPSS
Exploits0References4
Rows per page
Query Builder