Flaws of type CWE-385
40 results

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2018-10844 | MEDIUM | It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this | 3.6% |
| CVE-2018-10845 | MEDIUM | It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this | 3.6% |
| CVE-2020-25659 | — | python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 | 2.5% |
| CVE-2025-9231 | MEDIUM | Timing side-channel in SM2 algorithm on 64 bit ARM | 2.3% |
| CVE-2020-25657 | — | A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API | 1.7% |
| CVE-2020-25658 | HIGH | It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to dec | 1.6% |
| CVE-2019-3732 | MEDIUM | RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite | 1.4% |
| CVE-2023-46809 | HIGH | Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are | 1.3% |
| CVE-2024-2236 | MEDIUM | Libgcrypt: vulnerable to marvin attack | 1.1% |
| CVE-2024-26306 | MEDIUM | iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption | 1.1% |
| CVE-2022-24409 | MEDIUM | Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the a | 1.1% |
| CVE-2024-23342 | HIGH | python-ecdsa vulnerable to Minerva attack on P-256 | 1.0% |
| CVE-2020-29506 | MEDIUM | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable T | 1.0% |
| CVE-2020-14341 | — | The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connec | 0.9% |
| CVE-2025-59432 | MEDIUM | Timing Attack Vulnerability in SCRAM Authentication | 0.8% |
| CVE-2017-2624 | MEDIUM | It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. | 0.7% |
| CVE-2024-25964 | MEDIUM | Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A remote unauthenticated attacker could potenti | 0.7% |
| CVE-2020-35164 | MEDIUM | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Tim | 0.7% |
| CVE-2025-0306 | HIGH | Ruby: openssl: ruby marvin attack | 0.6% |
| CVE-2020-35166 | MEDIUM | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Tim | 0.6% |