3256 matches found
CVE-2026-47373
Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash...
CVE-2026-47373
Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash...
UBUNTU-CVE-2026-47373
Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash...
CVE-2026-47373
Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash...
EUVD-2026-31196
Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash...
CVE-2026-47373
Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash...
CVE-2026-47373 Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks
Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash...
Astra Linux – Vulnerability in Firefox and Thunderbird
The error page for sites with invalid TLS certificates lacked the activation-delay feature provided by Firefox to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page triggered user clicks at specific locations immediately before...
Astra Linux – Vulnerability in Firefox and Thunderbird
An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking, violating the WebAuthn goals. This vulnerability affect...
Astra Linux – Vulnerability in libgcrypt20
It was discovered that there was an ECDSA timing attack in the libgcrypt20 cryptographic library. Affected versions: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Fixed versions: 1.8.5-2 and 1.6.3-2+deb8u7...
Astra Linux – Vulnerability in Firefox and Thunderbird
By monitoring the time it takes for certain operations to complete, an attacker could figure out which external protocol handlers were functioning on a user’s system. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...
Astra Linux – Vulnerability in libmojolicious-perl
The Mojolicious module prior to version 8.65 for Perl is vulnerable to securecompare timing attacks, which allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected...
perl-Crypt-SaltedHash 安全漏洞
perl-Crypt-SaltedHash is a Perl password hashing tool developed by Robert Rothenberg. Versions of perl-Crypt-SaltedHash prior to 0.09 contained security vulnerabilities. These vulnerabilities stemmed from the use of the built-in Perl eq comparison function; timing differences could be exploited t...
PT-2026-42265
Name of the Vulnerable Software and Affected Versions Crypt::SaltedHash versions prior to 0.110.0 Description Crypt::SaltedHash for Perl is susceptible to timing attacks because it uses Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying hash...
xiangshan-bpu-asid-poc
XiangShan Cross-ASID BPU Leak PoC Minimal proof of concept fo...
SUSE CVE-2026-6478
Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...
kv-cache-side-channel-poc
KV Cache Side-Channel: Cross-Tenant Timing Oracle Proof of co...
SUSE SLES16 Security Update : ongres-scram, ongres-stringprep, plexus-testing, maven, maven-doxia, mojo-parent, sisu (SUSE-SU-2026:21608-1)
The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:21608-1 advisory. Changes in ongres-scram: - Version 3.2 Fix Timing Attack Vulnerability in SCRAM Authentication bsc1250399, CVE-2025-59432 Updated...
CVE-2026-44368
PyQuorum is a cryptographic library for secret sharing and key management. Prior to 0.2.1, the mulmod function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the second operand the exponent. An attacker who can measure the time of...
OESA-2026-2319 httpd security update
Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to...