Lucene search
K

3256 matches found

NVD
NVD
added 2026/05/20 9:16 p.m.19 views

CVE-2026-47373

Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash...

7.5CVSS0.00393EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/20 9:16 p.m.12 views

CVE-2026-47373

Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash...

7.5CVSS5.8AI score0.00393EPSS
Exploits0References5
OSV
OSV
added 2026/05/20 9:16 p.m.5 views

UBUNTU-CVE-2026-47373

Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash...

7.5CVSS5.8AI score0.00393EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/20 8:25 p.m.10 views

CVE-2026-47373

Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash...

5.8AI score0.00393EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/20 8:25 p.m.16 views

EUVD-2026-31196

Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash...

5.8AI score0.00393EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/05/20 8:25 p.m.10 views

CVE-2026-47373

Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash...

7.5CVSS5.8AI score0.00393EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/20 8:25 p.m.35 views

CVE-2026-47373 Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks

Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash...

0.00393EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Firefox and Thunderbird

The error page for sites with invalid TLS certificates lacked the activation-delay feature provided by Firefox to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page triggered user clicks at specific locations immediately before...

3.1CVSS5.4AI score0.00897EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Firefox and Thunderbird

An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking, violating the WebAuthn goals. This vulnerability affect...

6.5CVSS7AI score0.00594EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in libgcrypt20

It was discovered that there was an ECDSA timing attack in the libgcrypt20 cryptographic library. Affected versions: 1.8.4-5, 1.7.6-2+deb9u3, and 1.6.3-2+deb8u4. Fixed versions: 1.8.5-2 and 1.6.3-2+deb8u7...

6.3CVSS6.2AI score0.0051EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Firefox and Thunderbird

By monitoring the time it takes for certain operations to complete, an attacker could figure out which external protocol handlers were functioning on a user’s system. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...

4.3CVSS6.9AI score0.00736EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in libmojolicious-perl

The Mojolicious module prior to version 8.65 for Perl is vulnerable to securecompare timing attacks, which allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected...

7.5CVSS7.2AI score0.00507EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.11 views

perl-Crypt-SaltedHash 安全漏洞

perl-Crypt-SaltedHash is a Perl password hashing tool developed by Robert Rothenberg. Versions of perl-Crypt-SaltedHash prior to 0.09 contained security vulnerabilities. These vulnerabilities stemmed from the use of the built-in Perl eq comparison function; timing differences could be exploited t...

7.5CVSS5.8AI score0.00393EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.12 views

PT-2026-42265

Name of the Vulnerable Software and Affected Versions Crypt::SaltedHash versions prior to 0.110.0 Description Crypt::SaltedHash for Perl is susceptible to timing attacks because it uses Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying hash...

9.1CVSS5.8AI score0.00397EPSS
Exploits0References18
GithubExploit
GithubExploit
added 2026/05/19 6:36 a.m.86 views

xiangshan-bpu-asid-poc

XiangShan Cross-ASID BPU Leak PoC Minimal proof of concept fo...

5.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/18 1:22 p.m.19 views

SUSE CVE-2026-6478

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

6.5CVSS5.8AI score0.00558EPSS
Exploits0References32
GithubExploit
GithubExploit
added 2026/05/17 6:52 p.m.112 views

kv-cache-side-channel-poc

KV Cache Side-Channel: Cross-Tenant Timing Oracle Proof of co...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/16 12:0 a.m.9 views

SUSE SLES16 Security Update : ongres-scram, ongres-stringprep, plexus-testing, maven, maven-doxia, mojo-parent, sisu (SUSE-SU-2026:21608-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:21608-1 advisory. Changes in ongres-scram: - Version 3.2 Fix Timing Attack Vulnerability in SCRAM Authentication bsc1250399, CVE-2025-59432 Updated...

8.7CVSS5.9AI score0.00835EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/15 7:57 p.m.11 views

CVE-2026-44368

PyQuorum is a cryptographic library for secret sharing and key management. Prior to 0.2.1, the mulmod function implements multiplication via a binary expansion loop whose execution time depends on the Hamming weight of the second operand the exponent. An attacker who can measure the time of...

6.9CVSS6AI score0.00314EPSS
Exploits0References1
OSV
OSV
added 2026/05/15 2:1 p.m.8 views

OESA-2026-2319 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to upgrade to...

9.8CVSS5.8AI score0.01325EPSS
Exploits2References7
Rows per page
Query Builder