Mbed TLS Security Vulnerability
Mbed TLS is an open-source, portable, easy-to-use, readable, and flexible SSL library developed by Mbed TLS. Mbed TLS versions 4.0.0 and earlier, as well as TF-PSA-Crypto versions 1.0.0 and earlier, have security vulnerabilities. These vulnerabilities stem from compiler-induced timing side...
EUVD-2026-9921
OpenClaw versions prior to 2026.2.13 use non-constant-time string comparison for hook token validation, allowing attackers to infer tokens through timing measurements. Remote attackers with network access to the hooks endpoint can exploit timing side-channels across multiple requests to gradually...
PT-2026-23539
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.12. Description: The software uses non-constant-time string comparison for hook token validation. This allows attackers to potentially infer tokens through timing measurements. Remote attackers with network acce...
RustCrypto: Signatures Security Vulnerability
RustCrypto: Signatures is a cryptographic signature algorithm open-sourced by Rust Crypto. A security vulnerability exists in RustCrypto: Signatures versions prior to 0.1.0-rc.2, which stems from the presence of timing side channels in the Decompose algorithm used during ML-DSA signing...
CVE-2025-12888
Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of...
EUVD-2025-198523
Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of...
PT-2025-47821
Name of the Vulnerable Software and Affected Versions: X25519, affected versions not specified. Description: A flaw exists in X25519 constant-time cryptographic implementations due to timing side channels. These side channels are introduced by compiler optimizations and CPU architecture limitations,...
Security Audit of Intel ICE Driver for E810 Network Interface Card
The security of enterprise-grade networking hardware and software is critical to ensuring the integrity, availability, and confidentiality of data in modern cloud and data center environments. Network interface controllers (NICs) play a pivotal role in high-performance computing and virtualization,...
EUVD-2019-5265
Malware in sbrugna...
EUVD-2019-2286
Malware in sbrugna...
EUVD-2025-6671
Malicious code in bioql PyPI...
EUVD-2021-7388
Malicious code in bioql PyPI...
RLSA-2025:7466 Moderate: delve and golang security update
Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go. Delve should be easy to invoke and easy to use. Chances are if you're using a debugger, things aren't going your way. With that in mind, Delve should stay out ...
CVE-2019-10482
Due to the use of non-time-constant comparison functions, there is an issue in timing side channels which can be used as a potential side channel for SUI corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...
SILENT: a New Lens on Statistics in Software Timing Side Channels
Cryptographic research takes software timing side channels seriously. Approaches to mitigate them include constant-time coding and techniques to enforce such practices. However, recent attacks like Meltdown [42], Spectre [37], and Hertzbleed [70] have challenged our understanding of what it means for...
Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations
Description: The feldmanvss library contains timing side-channel vulnerabilities in its matrix operations, specifically within the findsecurepivot function and potentially other parts of securematrixsolve. These vulnerabilities are due to Python's execution model, which does not guarantee...
CVE-2025-29780 Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations
Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.8.0b2 and prior, the feldmanvss library contains timing side-channel vulnerabilities in its matrix operations, specifically within the...
UBUNTU-CVE-2024-6375
A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions, pri...