22 matches found
DEBIAN-CVE-2026-5091
Catalyst::Plugin::Authentication versions through 0.10024 for Perl are susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying hash or password...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure in the muldi3 process. An attacker can infer sensitive cryptographic data by measuring execution time variations during cryptographic operations on RISC-V RV32I architectures. Remediation Upgrade wolfssl to version...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Bouncy Castle vulnerabilities (USN-8108-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8108-1 advisory. It was discovered that Bouncy Castle did not sanitize user input when inserting it into an LDAP search...
DEBIAN-CVE-2025-40204
In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...
USN-7692-1: Request Tracker vulnerabilities
It was discovered that Request Tracker was susceptible to timing attacks. An attacker could possibly use this issue to access sensitive information. This issue only affected Ubuntu 22.04 LTS. CVE-2021-38562 It was discovered that Request Tracker was susceptible to cross-site scripting attacks whe...
Use Of A Cryptographic Primitive With A Risky Implementation
postquantumfeldmanvss is vulnerable to Use of a Cryptographic Primitive with a Risky Implementation. The vulnerability is due to ineffective redundancy checks and timing leaks, allowing an attacker to bypass security mechanisms, extract secret polynomial coefficients, and manipulate commitment...
USN-7180-1 python2.7 vulnerabilities
It was discovered that Python incorrectly handled certain scripts. An attacker could possibly use this issue to execute arbitrary code or cause a crash. CVE-2022-48560 It was discovered that Python did not properly handle XML entity declarations in plist files. An attacker could possibly use this...
PHPECC vulnerable to multiple cryptographic side-channel attacks
ECDSA Canonicalization PHPECC is vulnerable to malleable ECDSA signature attacks. Constant-Time Signer When generating a new ECDSA signature, the GMPMath adapter was used. This class wraps the GNU Multiple Precision arithmetic library GMP, which does not aim to provide constant-time implementatio...
Observable Discrepancy
Overview org.bouncycastle:bcprov-jdk15on is a Java implementation of cryptographic algorithms. Affected versions of this package are vulnerable to Observable Discrepancy due to the timing difference between exceptions thrown when processing RSA key exchange handshakes, AKA Marvin. Note: The...
Barzahlen Payment Module PHP SDK security vulnerability
Barzahlen Payment Module PHP SDK is a Barzahlen PHP library. A security vulnerability exists in Barzahlen Payment Module PHP SDK versions prior to 2.0.1, stemming from faulty validation in a function in the file src/Webhook.php, which can lead to observable timing differences...
USN-5726-1 firefox vulnerabilities
Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, spoof the contents of the addressbar, bypass security restrictions, cross-site tracing or execute arbitra...
CVE-2021-34337
A timing attack was found in the mailman administrative REST API due to the usage of a simple string comparison function when checking the password. This flaw allows an attacker who can talk to the REST API to discover the admin password due to timing leaks...
Code injection
common/password.c in Pengutronix barebox through 2021.07.0 leaks timing information because strncmp is used during hash comparison...
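Several of the entries above (Catalyst's use of Perl `eq`, the sctp MAC comparison, mailman's simple string comparison, barebox's strncmp) are the same defect: the comparison returns at the first mismatching byte, so the time it takes reveals how long a correct prefix the attacker has guessed. The added example below is not code from any of those projects; it models the early-exit comparison, a constant-time replacement, and the byte-at-a-time recovery an attacker performs. The token value is constructed for the example, and the "work" count stands in for the wall-clock time an attacker would measure over the network.

```python
"""Early-exit vs. constant-time comparison of a secret token.

Added example (not code from Catalyst, mailman, barebox or the Linux sctp
stack). `SECRET` is a constructed sample value; the second element returned
by the compare functions counts bytes examined and models observable time.
"""
import hashlib
import hmac
from typing import Callable, Tuple

# Constructed sample secret (hex characters so the recovery alphabet is small).
SECRET = b"3fa9c0d12b7e4c58"


def naive_compare(expected: bytes, provided: bytes) -> Tuple[bool, int]:
    """Byte-by-byte comparison that stops at the first difference, the
    behaviour of Perl's `eq`, C's strncmp() and a plain `==` on strings.
    Returns (match, bytes_examined); the second value is the leak."""
    if len(expected) != len(provided):
        return False, 0
    examined = 0
    for a, b in zip(expected, provided):
        examined += 1
        if a != b:
            return False, examined
    return True, examined


def constant_time_compare(expected: bytes, provided: bytes) -> Tuple[bool, int]:
    """Examine every byte and accumulate differences with bitwise OR, so the
    work done does not depend on where (or whether) the inputs differ."""
    if len(expected) != len(provided):
        return False, 0
    diff = 0
    for a, b in zip(expected, provided):
        diff |= a ^ b
    return diff == 0, len(expected)


def safe_token_compare(expected: bytes, provided: bytes) -> bool:
    """What a real service should do: hash both sides so even the length of
    the attacker-controlled input leaks nothing, then compare the digests with
    the standard library's constant-time primitive."""
    return hmac.compare_digest(
        hashlib.sha256(expected).digest(), hashlib.sha256(provided).digest()
    )


def recover_prefix(
    oracle: Callable[[bytes], Tuple[bool, int]],
    length: int,
    alphabet: bytes = b"0123456789abcdef",
) -> bytes:
    """Simulated attacker: for each position, try every candidate byte and
    keep the one that made the oracle do the most work (i.e. took longest).
    A successful login ends the search early. Against an early-exit oracle
    this recovers the secret in len * |alphabet| queries instead of
    |alphabet| ** len."""
    guess = bytearray(length)  # all zero bytes, correct length
    for pos in range(length):
        best, best_work = alphabet[0], -1
        for c in alphabet:
            guess[pos] = c
            match, work = oracle(bytes(guess))
            if match:
                return bytes(guess)
            if work > best_work:
                best, best_work = c, work
        guess[pos] = best
    return bytes(guess)


if __name__ == "__main__":
    leaky = lambda g: naive_compare(SECRET, g)
    fixed = lambda g: constant_time_compare(SECRET, g)
    print("early-exit oracle   ->", recover_prefix(leaky, len(SECRET)))
    print("constant-time oracle->", recover_prefix(fixed, len(SECRET)))
    print("safe_token_compare  ->", safe_token_compare(SECRET, SECRET))
```

Against the early-exit oracle the attacker recovers the full token with 16 * 16 queries; against the constant-time oracle every guess costs the same, so the search degenerates to picking the first alphabet byte at each position. Real measurements are noisier than the work counter, but averaging over repeated requests recovers the same signal, which is why the fixes in the advisories above replace the comparison rather than adding jitter.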
USN-4504-1 openssl, openssl1.0 vulnerabilities
Robert Merget, Marcus Brinkmann, Nimrod Aviram, and Juraj Somorovsky discovered that certain Diffie-Hellman ciphersuites in the TLS specification and implemented by OpenSSL contained a flaw. A remote attacker could possibly use this issue to eavesdrop on encrypted communications. This was fixed i...
Internet Bug Bounty: Dragonblood: Design and Implementation Flaws in WPA3 and EAP-pwd
Full background information is at our website and detailed information can be found in our research paper. Vulnerability Summary First Disclosure Summarized, the Dragonfly handshake of WPA3 and EAP-pwd is supposed to prevent dictionary attacks. However, we discovered design flaws that still enabl...
Monero: Exploiting Network and Timing Side-Channels to Break Monero Receiver Anonymity
Summary: We present various examples of side-channel leakage in the communication between a Monero wallet and P2P node. Communication patterns and timing leak whether the wallet is the payee of a transaction that is sent into the transaction pool or mined in a block—thereby breaking transaction...
USN-3194-1 openjdk-7 vulnerabilities
Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update moves those algorithms to the legacy algorithm set and causes...
Debian DSA-3629-1 : ntp - security update
Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs : - CVE-2015-7974 Matt Street discovered that insufficient key validation allows impersonation attacks between authenticated peers. - CVE-2015-7977 CVE-2015-7978 Stephen Gray discovered that a NULL...
Debian DLA-559-1 : ntp security update
Several vulnerabilities were discovered in the Network Time Protocol daemon and utility programs : CVE-2015-7974 Matt Street discovered that insufficient key validation allows impersonation attacks between authenticated peers. CVE-2015-7977 / CVE-2015-7978 Stephen Gray discovered that a NULL...
CentOS 6 : openssl (CESA-2016:0996)
An update for openssl is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...