CVE-2026-13758

CryptX versions before 0.088001 for Perl compare AEAD authentication tags in non-constant time in the streaming decryptdone path. The decryptdone$tag form compares it against the computed tag with memNE memcmp != 0, which short-circuits on the first differing byte, so its run time depends on the...

gnutls: gnutls: Information disclosure via timing side-channel in PKCS#7 padding removal

A flaw was found in gnutls. The PKCS7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of...

gnutls: gnutls: Information disclosure via timing side-channel in PKCS#7 padding removal

A flaw was found in gnutls. The PKCS7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of...

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

Oracle Linux 9 : memcached (ELSA-2026-27862)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-27862 advisory. - Fix timing side-channel in SASL password database authentication CVE-2026-47783 Tenable has extracted the preceding description block directly from the Oracl...

memcached security update

An update is available for memcached. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list memcached is a high-performance, distributed memory object caching system,...

RockyLinux 10 : memcached (RLSA-2026:27842)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:27842 advisory. memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 Tenable has extracted the preceding description block directly from the...

AlmaLinux 10 : memcached (ALSA-2026:27842)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:27842 advisory. memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 Tenable has extracted the preceding description block directly from the AlmaLin...

AlmaLinux 9 : memcached (ALSA-2026:27862)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:27862 advisory. memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 Tenable has extracted the preceding description block directly from the AlmaLinu...

RockyLinux 9 : memcached (RLSA-2026:27862)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:27862 advisory. memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 Tenable has extracted the preceding description block directly from the...

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

memcached: memcached: Username enumeration via timing side channel

A flaw was found in memcached. A remote attacker can exploit a timing side channel during Simple Authentication and Security Layer SASL password database authentication. This vulnerability allows an attacker to observe subtle timing differences, which could be used to enumerate valid usernames...

Important: Red Hat Security Advisory: memcached security update

An update for memcached is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

memcached: memcached: Username enumeration via timing side channel

A flaw was found in memcached. A remote attacker can exploit a timing side channel during Simple Authentication and Security Layer SASL password database authentication. This vulnerability allows an attacker to observe subtle timing differences, which could be used to enumerate valid usernames...

Important: Red Hat Security Advisory: memcached security update

An update for memcached is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

Important: memcached security update

memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fixes: memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 For more detai...

RHEL 9 : memcached (RHSA-2026:27862)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27862 advisory. memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web...

ALSA-2026:27842 Important: memcached security update

memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fixes: memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 For more detai...

ALSA-2026:27862 Important: memcached security update

memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fixes: memcached: memcached: Username enumeration via timing side channel CVE-2026-47783 For more detai...

Astra Linux – Vulnerability in OpenSSL

Issue summary: A timing side-channel that could potentially allow the recovery of the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow an attacker to recover the private key. However, measuring the timing woul...