34 matches found
JLSEC-2026-524
A vulnerability was found in which the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding...
CVE-2025-13473
An issue was discovered in Django 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. The django.contrib.auth.handlers.modwsgi.check_password function for authentication via mod_wsgi allows remote attackers to enumerate users via a timing attack. Earlier, unsupported Django series such as 5.0.x,...
DivvyDrive Web security vulnerability
DivvyDrive Web is a file management and sharing system from the Turkish company DivvyDrive. A security vulnerability exists in DivvyDrive Web versions from 4.8.2.2 up to but not including 4.8.2.15, which stems from the presence of an observable timing difference that could lead to a cross-domain search timin...
Mbed TLS security vulnerability
Mbed TLS is an open source, portable, easy to use, readable and flexible SSL library from Mbed TLS Open Source. A security vulnerability exists in Mbed TLS versions 3.6.1 through 3.6.3 that stems from a timing difference and could lead to plaintext recovery...
GHSA-52XF-5P2M-9WRV s2n-tls has a potentially observable differences in RSA premaster secret handling
When receiving a message from a client that sent an invalid RSA premaster secret, an issue in s2n-tls results in the server performing additional processing when the premaster secret contains an incorrect client hello version. While no practical attack on s2n-tls has been demonstrated, this cause...
s2n-tls has a potentially observable differences in RSA premaster secret handling
When receiving a message from a client that sent an invalid RSA premaster secret, an issue in s2n-tls results in the server performing additional processing when the premaster secret contains an incorrect client hello version. While no practical attack on s2n-tls has been demonstrated, this cause...
Dell BSAFE Micro Edition Suite security vulnerability
The Dell BSAFE Micro Edition Suite is a development toolkit from Dell Inc. that provides cryptographic, certificate, and transport layer security for C/C++ applications, devices, and systems. A security vulnerability exists in Dell BSAFE Micro Edition Suite versions prior to 4.6, Dell BSAFE...
Red Hat OpenShift security vulnerability
Red Hat OpenShift is a Platform-as-a-Service (PaaS) cloud computing platform from Red Hat, Inc. that supports building, testing, deploying and running applications. A security vulnerability exists in Red Hat OpenShift OSIN that stems from an incorrect manipulation of the secret parameter resulting ...
User Enumeration via Response Timing
Description: There is a significant timing difference in the login functionality for valid and invalid usernames. Proof of Concept: Steps to reproduce: 1. Attempt a login with a valid user and an invalid user and observe the difference in the response time. Here is a small test script alternatively ...
User Enumeration via Response Timing
Description: There is a significant timing difference in the login functionality for valid and invalid usernames. Proof of Concept: 1. Attempt a login with a valid user and an invalid user and observe the difference in the response time. Here is a small test script alternatively we can see the...
User Enumeration via Response Timing
Description: There is a significant timing difference in the login functionality of the Nakama Console for valid and invalid email addresses or usernames. Proof of Concept: 1. Log in to the Nakama Console as admin and create a User [email protected] 2. Log out 3. Attempt a login with an incorrect passwor...
Unspecified Vulnerability in Dell BSAFE Crypto-C Micro Edition and Dell BSAFE Micro Edition Suite
Dell BSAFE Micro Edition Suite is a development toolkit that provides encryption, certificate, and transport layer security for C/C++ applications, devices, and systems. Dell BSAFE is a security software product that supports cryptographic algorithms, certificate chain validation, and Transport...
Dell BSAFE security vulnerability
Dell BSAFE Micro Edition Suite is a development toolkit that provides encryption, certificate, and transport layer security for C/C++ applications, devices, and systems. Dell BSAFE is a security software product that supports cryptographic algorithms, certificate chain validation, and Transport...
CVE-2021-31866
CVE-2021-31866 affects Redmine before 4.0.9 and 4.1.x before 4.1.3. An attacker can learn internal authentication keys by observing timing differences in string comparisons in SysController and MailHandlerController, causing information disclosure. Affected product is Redmine (web-based project m...
GHSA-4V4G-726H-XVFV Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-esm-runtime
Impact: AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption; if either failed, JWEDecryptionFailed would be thrown. But a possibly observable difference in timing when padding error would occur while...
Padding Oracle Attack
jose is vulnerable to a padding oracle attack. A possibly observable difference in timing when a padding error occurs while decrypting the ciphertext allows an attacker to obtain the plaintext data without knowledge of the decryption key...
CVE-2021-29446
jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed...
CVE-2021-29445
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed...
CVE-2021-29444
jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed...