Lucene search
K

13 matches found

CVE
CVE
added 2026/05/13 8:18 p.m.23 views

CVE-2026-44368

CVE-2026-44368 affects PyQuorum prior to 0.2.1, where the mul_mod function uses a binary expansion loop whose runtime depends on the Hamming weight of the exponent. An attacker who can measure secret-sharing operation timing could progressively recover share values, potentially reconstruing the s...

6.9CVSS6AI score0.00314EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.4 views

CVE-2026-28464

OpenClaw versions prior to 2026.2.12 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually...

8.2CVSS5.8AI score0.00386EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-31728

Malicious code in bioql PyPI...

6.5CVSS6.2AI score0.02234EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/09/30 1:17 p.m.14 views

CVE-2025-9231 Timing side-channel in SM2 algorithm on 64 bit ARM

Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private...

0.02234EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/09/30 1:17 p.m.3 views

CVE-2025-9231 Timing side-channel in SM2 algorithm on 64 bit ARM

Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow recovering the private...

6.3AI score0.02234EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/08/29 9:19 a.m.3 views

CVE-2025-7383 Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in Oberon PSA Crypto library

Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS7 decrypt operations...

5.9CVSS6.3AI score0.00083EPSS
Exploits0References1
NVD
NVD
added 2024/06/10 1:15 p.m.45 views

CVE-2024-36405

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A control-flow timing lean has been identified in the reference implementation of the Kyber key encapsulation mechanism when it is compiled with Clang 15-18 for -Os, -O1, and other...

7.5CVSS0.00515EPSS
Exploits0References4
Veracode
Veracode
added 2024/03/06 6:53 a.m.26 views

Side Channel Attack

libmbedtls.so is vulnerable to Side Channel Attack. The vulnerability is due to a miscalculation in a countermeasure to the Lucky 13 attack, allowing an active network attacker to partially recover plaintext of messages under specific conditions by exploiting timing measurements...

5.9CVSS6.4AI score0.02674EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2019/05/14 8:21 p.m.2 views

hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)

A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer...

5.9CVSS7AI score0.01553EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2015/07/22 7:56 p.m.3 views

OpenJDK: non-constant time comparisons in crypto code (JCE, 8074865)

It was discovered that the JCE component in OpenJDK failed to use constant time comparisons in multiple cases. An attacker could possibly use these flaws to disclose sensitive information by measuring the time used to perform operations using these non-constant time comparisons...

5CVSS6.6AI score0.03612EPSS
Exploits0References5
Prion
Prion
added 2014/02/06 5:44 a.m.30 views

Design/Logic Flaw

Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint...

5CVSS6.6AI score0.02467EPSS
Exploits0References19Affected Software8
Cvelist
Cvelist
added 2014/02/06 2:0 a.m.28 views

CVE-2014-1483

Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint...

9.2AI score0.02467EPSS
Exploits0References19
UbuntuCve
UbuntuCve
added 2014/02/05 12:0 a.m.24 views

CVE-2014-1483

Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers to bypass the Same Origin Policy and obtain sensitive information by using an IFRAME element in conjunction with certain timing measurements involving the document.caretPositionFromPoint and document.elementFromPoint...

5CVSS6.8AI score0.02467EPSS
Exploits0References3
Rows per page
Query Builder