1848 matches found
CVE-2026-13758
CryptX versions before 0.088001 for Perl compare AEAD authentication tags in non-constant time in the streaming decryptdone path. The decryptdone$tag form compares it against the computed tag with memNE memcmp != 0, which short-circuits on the first differing byte, so its run time depends on the...
CVE-2026-13758 CryptX versions before 0.088_001 for Perl compare AEAD authentication tags in non-constant time in the streaming decrypt_done path
CryptX versions before 0.088001 for Perl compare AEAD authentication tags in non-constant time in the streaming decryptdone path. The decryptdone$tag form compares it against the computed tag with memNE memcmp != 0, which short-circuits on the first differing byte, so its run time depends on the...
gnutls: gnutls: Information disclosure via timing side-channel in PKCS#7 padding removal
A flaw was found in gnutls. The PKCS7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of...
RHEL 9 : gnutls (RHSA-2026:32962)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:32962 advisory. The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such a...
gnutls: gnutls: Information disclosure via timing side-channel in PKCS#7 padding removal
A flaw was found in gnutls. The PKCS7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of...
postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison
A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...
Oracle Linux 9 : memcached (ELSA-2026-27862)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-27862 advisory. - Fix timing side-channel in SASL password database authentication CVE-2026-47783 Tenable has extracted the preceding description block directly from the Oracl...
memcached security update
An update is available for memcached. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list memcached is a high-performance, distributed memory object caching system,...
AlmaLinux 10 : memcached (ALSA-2026:27842)
The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:27842 advisory. memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 Tenable has extracted the preceding description block directly from the AlmaLin...
AlmaLinux 9 : memcached (ALSA-2026:27862)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:27862 advisory. memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 Tenable has extracted the preceding description block directly from the AlmaLinu...
RockyLinux 9 : memcached (RLSA-2026:27862)
The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:27862 advisory. memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 Tenable has extracted the preceding description block directly from the...
RockyLinux 10 : memcached (RLSA-2026:27842)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:27842 advisory. memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 Tenable has extracted the preceding description block directly from the...
postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison
A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...
Important: Red Hat Security Advisory: memcached security update
An update for memcached is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
memcached: memcached: Username enumeration via timing side channel
A flaw was found in memcached. A remote attacker can exploit a timing side channel during Simple Authentication and Security Layer SASL password database authentication. This vulnerability allows an attacker to observe subtle timing differences, which could be used to enumerate valid usernames...
memcached: memcached: Username enumeration via timing side channel
A flaw was found in memcached. A remote attacker can exploit a timing side channel during Simple Authentication and Security Layer SASL password database authentication. This vulnerability allows an attacker to observe subtle timing differences, which could be used to enumerate valid usernames...
Important: Red Hat Security Advisory: memcached security update
An update for memcached is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
ALSA-2026:27842 Important: memcached security update
memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fixes: memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 For more detai...
Important: memcached security update
memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fixes: memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 For more detai...
ALSA-2026:27862 Important: memcached security update
memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fixes: memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 For more detai...