176 matches found
AWS libcrypto Security Vulnerability
AWS libcrypto is a general-purpose encryption library open sourced by Amazon Web Services. Versions of AWS libcrypto prior to 1.69.0 contained security vulnerabilities. These vulnerabilities stemmed from observable time differences during AES-CCM decryption, which could potentially allow...
CVE-2026-27480 Static Web Server: Timing-Based Username Enumeration in Basic Authentication
Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames,...
PT-2026-7914
Name of the Vulnerable Software and Affected Versions: Directus versions prior to 11.14.1. Description: A timing-based user enumeration issue exists in the password reset functionality. Providing an invalid reset url parameter results in differing response times – approximately 500ms – between...
AMD GPU Timing-Based Side Channels
Revisions

Revision Date | Description
---|---
2026-02-10 | Initial publication...
Timing-Based Side-Channel Attack
github.com/mattermost/mattermost-server is vulnerable to timing-based side-channel attacks. The vulnerability is due to improper use of constant-time comparison for sensitive strings, which allows an attacker to exploit timing oracles to perform byte-by-byte brute-force attacks on Cloud API keys...
EUVD-2023-36586
Malicious code in bioql PyPI...
EUVD-2023-38005
Malicious code in bioql PyPI...
EUVD-2024-27416
Malicious code in bioql PyPI...
EUVD-2024-27192
Malicious code in bioql PyPI...
EUVD-2024-19901
Malicious code in bioql PyPI...
CVE-2025-9031 Timing-Based Username Enumeration in DivvyDrive Information Technologies' DivvyDrive Web
Observable Timing Discrepancy vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive Web allows Cross-Domain Search Timing. This issue affects DivvyDrive Web: from 4.8.2.2 before 4.8.2.15...
SUSE-SU-2025:02719-1 Security update for libgcrypt
This update for libgcrypt fixes the following issues: - CVE-2024-2236: timing-based side-channel flaw in RSA implementation can lead to decryption of RSA ciphertexts (bsc#1221107)...
CVE-2024-47057
Summary This advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames. User Enumeration via Timing Attack: A user enumeration vulnerability exists in the...
Mautic allows user name enumeration due to response time difference on password reset form
Summary This advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames. User Enumeration via Timing Attack: A user enumeration vulnerability exists in the...
CVE-2023-32342
IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could exploit this vulnerability to obtain sensitive information. IB...
When Mitigations Backfire: Timing Channel Attacks and Defense for PRAC-Based RowHammer Mitigations
Per Row Activation Counting (PRAC) has emerged as a robust framework for mitigating RowHammer (RH) vulnerabilities in modern DRAM systems. However, we uncover a critical vulnerability: a timing channel introduced by the Alert Back-Off (ABO) protocol and Refresh Management (RFM) commands. We present...
CVE-2024-22340
IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow a remote attacker to obtain sensitive information during the creation of ECDSA signatures to perform a timing-based attack...
Linux Distros Unpatched Vulnerability : CVE-2022-4304
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing based side channel exists in the OpenSSL RSA Decryption implementation which could be sufficient to recover a plaintext across a network in a...
Linux Distros Unpatched Vulnerability : CVE-2024-2467
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a...