
3236 matches found

Snyk
added 2025/09/09 9:30 p.m., 3 views

Timing Attack

Overview: com.liferay:com.liferay.portal.vulcan.impl is a Liferay Portal Vulcan Implementation. Affected versions of this package are vulnerable to Timing Attack via the WorkflowException error messages. An attacker can infer the existence of ERC by measuring differences in response times...

CVSS 6.9, AI score 6.6, EPSS 0.00285
Exploits: 0, References: 2
Snyk
added 2025/09/09 9:30 p.m., 1 view

Timing Attack

Overview: Affected versions of this package are vulnerable to Timing Attack via the WorkflowException error messages. An attacker can infer the existence of ERC by measuring differences in response times. Remediation: Upgrade com.liferay:com.liferay.portal.workflow.kaleo.runtime.integration.impl to...

CVSS 6.9, AI score 6.6, EPSS 0.00285
Exploits: 0, References: 2
Snyk
added 2025/09/09 9:30 p.m., 1 view

Timing Attack

Overview: Affected versions of this package are vulnerable to Timing Attack via the WorkflowException error messages. An attacker can infer the existence of ERC by measuring differences in response times. Remediation: Upgrade com.liferay:com.liferay.headless.admin.workflow.impl to version 5.0.83 or...

CVSS 6.9, AI score 6.6, EPSS 0.00285
Exploits: 0, References: 2
Snyk
added 2025/09/09 9:30 p.m., 1 view

Timing Attack

Overview: Affected versions of this package are vulnerable to Timing Attack via the WorkflowException error messages. An attacker can infer the existence of ERC by measuring differences in response times. Remediation: Upgrade com.liferay:com.liferay.portal.workflow.api to version 11.0.1 or higher...

CVSS 6.9, AI score 6.6, EPSS 0.00285
Exploits: 0, References: 2
NVD
added 2025/09/09 8:15 p.m., 13 views

CVE-2025-43786

Enumeration of ERC from object entry in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 and 7.4 GA through update 92 allow attackers to determine existent ERC in the application by exploit t...

CVSS 6.9, EPSS 0.00285
Exploits: 0, References: 1
OSV
added 2025/09/09 8:15 p.m., 4 views

CVE-2025-43786

Enumeration of ERC from object entry in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 and 7.4 GA through update 92 allow attackers to determine existent ERC in the application by exploit t...

CVSS 5.3, AI score 6.8, EPSS 0.00285
Exploits: 0, References: 1
CVE
added 2025/09/09 7:8 p.m., 17 views

CVE-2025-43786

CVE-2025-43786 affects multiple Liferay products, enabling an attacker to infer existence of External Reference Codes (ERC) by measuring response time differences (timing attack). Affected are Liferay Portal 7.4.0–7.4.3.128 and Liferay DXP releases listed in the CVE description. The root cause is...

CVSS 6.9, AI score 6.4, EPSS 0.00285
Exploits: 0, References: 1, Affected Software: 2
SUSE CVE
added 2025/09/05 11:23 p.m., 1 view

SUSE CVE-2025-39702

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time. To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

CVSS 5.5, AI score 6.5, EPSS 0.00149
Exploits: 0, References: 21
OSV
added 2025/09/05 6:15 p.m., 6 views

AZL-66941 CVE-2025-39702 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time. To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

CVSS 7, AI score 5.6, EPSS 0.00149
Exploits: 0, References: 1
Microsoft CVE
added 2025/09/04 7:5 a.m., 4 views

sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enumerate users by leveraging the timing difference between responses when a large password is provided.

...

CVSS 5.9, AI score 9.3, EPSS 0.88944
Exploits: 12
OSV
added 2025/09/04 4:47 a.m., 3 views

CLSA-2025-1756961235 nss: Fix of CVE-2023-5388

CVE-2023-5388: fix timing attack against RSA decryption in TLS r=jschanck...

CVSS 6.5, AI score 5.8, EPSS 0.00816
Exploits: 0, References: 1
Microsoft CVE
added 2025/09/04 12:10 a.m., 3 views

ECDSA remote timing attack

...

CVSS 4.7, AI score 7, EPSS 0.01188
Exploits: 0
NVD
added 2025/09/03 3:15 p.m., 4 views

CVE-2025-9824

Impact: The attacker can validate if a user exists by checking the time login returns. This timing difference can be used to enumerate valid usernames, after which an attacker could attempt brute force attacks. Patches: This vulnerability has been patched, implementing a timing-safe form login...

CVSS 5.9, EPSS 0.00264
Exploits: 0, References: 1
OSV
added 2025/09/03 3:15 p.m., 5 views

CVE-2025-9824

Impact: The attacker can validate if a user exists by checking the time login returns. This timing difference can be used to enumerate valid usernames, after which an attacker could attempt brute force attacks. Patches: This vulnerability has been patched, implementing a timing-safe form login...

CVSS 5.9, AI score 5.7, EPSS 0.00264
Exploits: 0, References: 1
Tenable Nessus
added 2025/09/03 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-25025

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The activerecord-sessionstore aka Active Record Session Store component through 1.1.3 for Ruby on Rails does not use a constant-time approach when delivering...

CVSS 5.3, AI score 6.6, EPSS 0.01835
Exploits: 0, References: 2
Tenable Nessus
added 2025/09/03 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2016-2849

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow...

CVSS 7.5, AI score 7.4, EPSS 0.02463
Exploits: 0, References: 2
Positive Technologies
added 2025/09/03 12:0 a.m., 8 views

PT-2025-35774

Name of the Vulnerable Software and Affected Versions: versions prior to the patched version. Description: The attacker can validate if a user exists by checking the time login returns. This timing difference can be used to enumerate valid usernames, after which an attacker could attempt brute for...

CVSS 5.9, AI score 6.3, EPSS 0.00264
Exploits: 0, References: 4
Tenable Nessus
added 2025/09/02 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-39894

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry e.g., for su and Sudo because of an ObscureKeystrokeTiming...

CVSS 7.5, AI score 5.7, EPSS 0.01634
Exploits: 0, References: 2
Tenable Nessus
added 2025/08/30 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-38562

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Best Practical Request Tracker RT 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against...

CVSS 7.5, AI score 7.2, EPSS 0.01707
Exploits: 0, References: 2
NVD
added 2025/08/29 10:15 a.m., 3 views

CVE-2025-7383

Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS7 decrypt operations...

CVSS 5.9, EPSS 0.00083
Exploits: 0, References: 1