
3236 matches found

IBM Security Bulletins
added 2025/04/04 9:24 p.m. | 14 views

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to an Observable Timing Discrepancy in Vault (CVE-2023-25000)

Summary Vault is used by IBM Storage Fusion Data Foundation in mcg, ocs, odr, cephcsi, and odr operators as part of credential management. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2023-25000. Vulnerability Details...

CVSS 5 | AI score 5.9 | EPSS 0.0021
Exploits 0 | Affected Software 1
Vulnrichment
added 2025/04/02 6:11 a.m. | 10 views

CVE-2024-36469 User enumeration via timing attack in Zabbix web interface

Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one...

CVSS 2.3 | AI score 7.3 | EPSS 0.00318
Exploits 0 | References 1
CVE
added 2025/04/02 6:11 a.m. | 1570 views

CVE-2024-36469

CVE-2024-36469 affects Zabbix across multiple distributions. The issue is described as a timing discrepancy: execution time for an unsuccessful login differs between non-existent vs. existing usernames. Connected advisories confirm affected packages and vendor-supplied patches: Debian LTS DLA-413...

CVSS 3.1 | AI score 7.3 | EPSS 0.00318
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2025/04/02 6:11 a.m. | 17 views

CVE-2024-36469 User enumeration via timing attack in Zabbix web interface

Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one...

CVSS 2.3 | EPSS 0.00318
Exploits 0 | References 1
IBM Security Bulletins
added 2025/03/28 7:15 a.m. | 18 views

Security Bulletin: Multiple Vulnerabilities in OpenSSL Affect IBM Sterling Connect:Direct for HP NonStop

Summary There are multiple vulnerabilities in the OpenSSL library used by IBM Sterling Connect:Direct for HP NonStop. IBM Sterling Connect:Direct for HP NonStop has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-4304 DESCRIPTION: A timing based side channel exists in the...

CVSS 7.5 | AI score 7.1 | EPSS 0.59501
Exploits 0 | Affected Software 1
OSV
added 2025/03/28 3:15 a.m. | 3 views

DEBIAN-CVE-2024-13939

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string m...

CVSS 7.5 | AI score 7.3 | EPSS 0.00321
Exploits 0 | References 1
OSV
added 2025/03/28 3:15 a.m. | 2 views

UBUNTU-CVE-2024-13939

String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string m...

CVSS 7.5 | AI score 5.7 | EPSS 0.00321
Exploits 0 | References 3
CNNVD
added 2025/03/28 12:0 a.m. | 3 views

MetaCPAN String::Compare::ConstantTime security vulnerability

MetaCPAN String::Compare::ConstantTime is a component of the MetaCPAN Foundation. A security vulnerability exists in MetaCPAN String::Compare::ConstantTime version 0.321 and earlier, which stems from a timing attack that could disclose the length of a secret string...

CVSS 7.5 | AI score 7.3 | EPSS 0.00321
Exploits 0 | References 1
Positive Technologies
added 2025/03/28 12:0 a.m. | 4 views

PT-2025-13421 · Unknown +1 · String::Compare::Constanttime +1

Name of the Vulnerable Software and Affected Versions: String::Compare::ConstantTime versions prior to 0.322 Description: The issue allows an attacker to guess the length of a secret string through timing attacks. According to the documentation, if the lengths of the strings are different, the si...

CVSS 7.5 | AI score 7.3 | EPSS 0.00321
Exploits 0 | References 17
RedhatCVE
added 2025/03/23 12:18 a.m. | 22 views

CVE-2025-30344

An issue was discovered in OpenSlides before 4.2.5. During login at the /system/auth/login/ endpoint, the system's response times differ depending on whether a user exists in the system. The timing discrepancy stems from the omitted hashing of the password e.g., more than 100 milliseconds...

CVSS 5.3 | AI score 7.1 | EPSS 0.00297
Exploits 1 | References 1
OSV
added 2025/03/21 6:15 a.m. | 5 views

CVE-2025-30344

An issue was discovered in OpenSlides before 4.2.5. During login at the /system/auth/login/ endpoint, the system's response times differ depending on whether a user exists in the system. The timing discrepancy stems from the omitted hashing of the password e.g., more than 100 milliseconds...

CVSS 3.7 | AI score 7.2
Exploits 0 | References 1
Tenable Nessus
added 2025/03/13 12:0 a.m. | 9 views

Siemens SCALANCE X-200RNA Switch Devices Observable Timing Discrepancy (CVE-2003-0190)

OpenSSH-portable OpenSSH 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack. This plugin only works with Tenable.ot. Please visit...

CVSS 5 | AI score 6.9 | EPSS 0.76751
Exploits 10 | References 4
Tenable Nessus
added 2025/03/13 12:0 a.m. | 6 views

Siemens SCALANCE X-200RNA Switch Devices Observable Discrepancy (CVE-2016-2178)

The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. This plugin only works with Tenable.ot. Please visit...

CVSS 5.5 | AI score 7.2 | EPSS 0.01174
Exploits 1 | References 4
OSV
added 2025/03/11 1:15 a.m. | 1 views

CVE-2024-22340

IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack...

CVSS 6.5 | AI score 5.8 | EPSS 0.004
Exploits 0 | References 1
OSV
added 2025/03/11 1:15 a.m. | 5 views

CVE-2024-41760

IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations...

CVSS 3.7 | AI score 5.8
Exploits 0 | References 1
NVD
added 2025/03/11 1:15 a.m. | 6 views

CVE-2024-41760

IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations...

CVSS 3.7 | EPSS 0.00241
Exploits 0 | References 1
CVE
added 2025/03/11 12:50 a.m. | 58 views

CVE-2024-22340

The CVE-2024-22340 entry affects IBM Common Cryptographic Architecture (CCA) versions 7.0.0–7.5.51 for the 4769 family (MTM for 4769) across IBM AIX, IBM i, IBM PowerLinux, and Linux x86. The vulnerability could allow a remote attacker to obtain sensitive information during ECDSA signature creati...

CVSS 6.5 | AI score 6.5 | EPSS 0.004
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2025/03/11 12:49 a.m. | 11 views

CVE-2024-41760 IBM Common Cryptographic Architecture information disclosure

IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations...

CVSS 3.7 | EPSS 0.00241
Exploits 0 | References 1
Vulnrichment
added 2025/03/11 12:49 a.m. | 8 views

CVE-2024-41760 IBM Common Cryptographic Architecture information disclosure

IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations...

CVSS 3.7 | AI score 6.4 | EPSS 0.00241
Exploits 0 | References 1
CNNVD
added 2025/03/11 12:0 a.m. | 2 views

IBM Common Cryptographic Architecture security vulnerability

IBM Common Cryptographic Architecture is a cryptographic platform from the International Business Machines IBM Corporation. It provides a number of features to protect financial transactions. A security vulnerability exists in IBM Common Cryptographic Architecture versions 7.0.0 through 7.5.51,...

CVSS 6.5 | AI score 6 | EPSS 0.004
Exploits 0 | References 3