CVE-2026-3337

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...

MiracleLinux 9 : runc-1.1.12-2.el9 (AXSA:2024-7794:03)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7794:03 advisory. golang: io/fs: stack exhaustion in Glob CVE-2022-30630 golang: compress/gzip: stack exhaustion in Reader.Read CVE-2022-30631 golang: path/filepath:...

MiracleLinux 9 : buildah-1.33.6-2.el9 (AXSA:2024-7786:03)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7786:03 advisory. golang: net/http/internal: Denial of Service DoS via Resource Consumption via HTTP requests CVE-2023-39326 golang: crypto/tls: Timing Side Channel...

CVE-2025-13912

Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into non-constant-time binary by LLVM optimizations, which can potentially result in observable timing discrepancies and lead to information disclosure through timing side-channel attacks...

RockyLinux 10 : delve and golang (RLSA-2025:7466)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:7466 advisory. golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints CVE-2024-45341 golang: net/http: net/http: sensitive headers...

OpenSSL Timing Side-Channel Vulnerability (20250930, CVE-2025-9231) - Windows

OpenSSL is prone to a timing side-channel vulnerability in SM2 algorithm on 64 bit ARM. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

OpenSSL Timing Side-Channel Vulnerability (20250930, CVE-2025-9231) - Linux

OpenSSL is prone to a timing side-channel vulnerability in SM2 algorithm on 64 bit ARM. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

OpenSSL 3.3.0 < 3.3.5 Multiple Vulnerabilities

The version of OpenSSL installed on the remote host is prior to 3.3.5. It is, therefore, affected by multiple vulnerabilities as referenced in the 3.3.5 advisory. - Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm...

Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

...

Linux Distros Unpatched Vulnerability : CVE-2018-20187

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A side-channel issue was discovered in Botan before 2.9.0. An attacker capable of precisely measuring the time taken for ECC key generation may be able to deriv...

Security update for libgcrypt

This update for libgcrypt fixes the following issues: CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts bsc1221107. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

SUSE SLES15 Security Update : libgcrypt (SUSE-SU-2025:02752-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02752-1 advisory. - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts bsc1221107. Tenable has...

Security update for libgcrypt

This update for libgcrypt fixes the following issues: CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts bsc1221107. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or...

Security update for libgcrypt

This update for libgcrypt fixes the following issues: CVE-2024-2236: Fixed timing based side-channel in RSA implementation bsc1221107 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run t...

SUSE-SU-2025:20406-1 Security update for openssl-3

This update for openssl-3 fixes the following issues: - CVE-2025-27587: Fixed Minerva side channel vulnerability in P-384 on PPC arch bsc1240366 - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation bsc1236136...

crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leaka...

crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec

A flaw was found in the Golang crypto/internal/nistec package. Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Considering how this function is used, this leaka...

ALSA-2025:7466 Moderate: delve and golang security update

Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go. Delve should be easy to invoke and easy to use. Chances are if you're using a debugger, things aren't going your way. With that in mind, Delve should stay out ...

Important: Red Hat Security Advisory: RHSA: Submariner 0.18.5 - bug and security update

Submariner 0.18 packages that fix various bugs and add various enhancements that are now available for Red Hat Advanced Cluster Management for Kubernetes version 2.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CV...

Security update for openssl-1_1

This update for openssl-11 fixes the following issues: CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation bsc1236136. Other bugfixes: Non approved PBKDF parameters wrongly resulting as approved bsc1236771. Patch Instructions: To install this SUSE update use the SUSE...