CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A non-time constant function memcmp is used which creates a side channel that could leak information in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile...

7.8CVSS7AI score0.00094EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:31 a.m.•4 views

CVE-2019-14007

Due to the use of non-time-constant comparison functions there is issue in timing side channels which can be used as a potential side channel for SUI corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...

5.5CVSS7.4AI score0.00045EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 10:24 a.m.•3 views

CVE-2019-10483

Side channel issue in QTEE due to usage of non-time-constant comparison function such as memcmp or strcmp in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon...

5.5CVSS7.2AI score0.00045EPSS

Exploits0References1

Positive Technologies•added 2023/10/25 12:0 a.m.•3 views

PT-2023-6542 · Jenkins · Jenkins Gogs Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Gogs Plugin versions 1.0.15 and earlier Description: The issue is related to the use of a non-constant time comparison function when checking the equality of provided and expected webhook tokens. This potentially allows attackers to u...

5.3CVSS4.9AI score0.00109EPSS

Exploits0References11

RedHat Linux•added 2020/12/15 3:6 p.m.•1 views

kernel: The flow_dissector feature allows device tracking

A device tracking vulnerability was found in the flowdissector feature in the Linux kernel. This flaw occurs because the auto flowlabel of the UDP IPv6 packet relies on a 32-bit hashmd value as a secret, and jhash instead of siphash is used. The hashmd value remains the same starting from boot ti...

5.3CVSS7AI score0.00678EPSS

Exploits0References4

Prion•added 2020/04/16 11:15 a.m.•15 views

Design/Logic Flaw

4.9CVSS5.9AI score0.00045EPSS

Exploits0References1

CVE•added 2020/04/16 10:46 a.m.•51 views

CVE-2019-14007

CVE-2019-14007 describes a timing side-channel issue caused by non-time-constant comparison functions affecting Qualcomm Snapdragon components (closed-source) across multiple devices. The underlying problem could enable a local attacker to infer sensitive information (SUI-related) due to timing d...

5.5CVSS5.8AI score0.00045EPSS

Exploits0References1Affected Software1

Cvelist•added 2020/04/16 10:46 a.m.•19 views

CVE-2019-14007

5.8AI score0.00045EPSS

Exploits0References1

CVE•added 2020/04/16 10:46 a.m.•52 views

CVE-2019-10483

CVE-2019-10483 describes a side-channel vulnerability in Qualcomm’s QTEE due to non-time-constant comparisons (memcpy-like memcmp/strcmp) used across Snapdragon platforms (Auto, Compute, Connectivity, etc. including APQ8009, SDM, SM, and other family seeds). Root cause: non-constant-time comparis...

5.5CVSS5.7AI score0.00045EPSS

Exploits0References1Affected Software1

Cvelist•added 2020/04/16 10:46 a.m.•18 views

CVE-2019-10483

5.7AI score0.00045EPSS

Exploits0References1

NVD•added 2019/06/14 5:29 p.m.•14 views

CVE-2018-5913

7.8CVSS7.5AI score0.00094EPSS

Exploits0References1

Cvelist•added 2019/02/25 11:0 p.m.•21 views

CVE-2018-11820

Use of non-time constant memcmp function creates side channel that leaks information and leads to cryptographic issues in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT,...

5.7AI score0.00051EPSS

Exploits0References2

CVE•added 2019/02/25 11:0 p.m.•58 views

CVE-2018-11820

CVE-2018-11820 concerns a side-channel leak caused by using a non-time-constant memcmp function in Qualcomm/Snapdragon components. Affected platforms include Snapdragon Auto/Compute/Connectivity, Snapdragon IoT lines and many SDM/SD/SDM variants (e.g., IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640,...

5.5CVSS5.6AI score0.00051EPSS

Exploits0References2Affected Software1

Prion•added 2019/02/25 10:29 p.m.•21 views

Code injection

Usage of non-time-constant comparison functions can lead to information leakage through side channel analysis in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...

4.9CVSS5.7AI score0.00051EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by