CWE-208

145 CVEs classified under CWE-208. Browse by severity and year.

Top CVEs for CWE-208
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-23519 | Critical | 9.8 | 2026-01-15 | RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches b… |
| CVE-2023-41313 | Critical | 9.8 | 2024-03-12 | The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8… |
| CVE-2021-43298 | Critical | 9.8 | 2022-01-25 | The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that a… |
| CVE-2026-41588 | Critical | 9.0 | 2026-05-08 | RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — check_sign_in_key(). This issue h… |
| CVE-2024-42512 | High | 8.6 | 2025-02-10 | Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when the deprecated Bas… |
| CVE-2026-47784 | High | 8.1 | 2026-05-20 | In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_chec… |
| CVE-2026-47783 | High | 8.1 | 2026-05-20 | In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username… |
| CVE-2026-42602 | High | 8.1 | 2026-05-13 | azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party wh… |
| CVE-2024-29995 | High | 8.1 | 2024-08-13 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2023-25529 | High | 8.0 | 2023-09-20 | NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s sess… |
| CVE-2026-47373 | High | 7.5 | 2026-05-20 | Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing c… |
| CVE-2026-40972 | High | 7.5 | 2026-04-28 | An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme ci… |
| CVE-2026-5086 | High | 7.5 | 2026-04-13 | Crypt::SecretBuffer versions before 0.019 for Perl is susceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaint… |
| CVE-2025-70949 | High | 7.5 | 2026-03-05 | An observable timing discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel. |
| CVE-2024-13939 | High | 7.5 | 2025-03-28 | String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated… |
| CVE-2022-31142 | High | 7.5 | 2022-07-14 | @fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. @fastify/bearer-auth prior to versions 7.0.2 and 8.0.1 does not securely use… |
| CVE-2021-42016 | High | 7.5 | 2022-03-08 | A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGG… |
| CVE-2026-27856 | High | 7.4 | 2026-03-27 | Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured cre… |
| CVE-2025-48630 | High | 7.4 | 2026-03-02 | In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information disclosure. This could lead to l… |
| CVE-2025-68621 | High | 7.4 | 2026-02-06 | Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. Prior to 0.101.0… |