CWE-208
145 CVEs classified under CWE-208. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-23519 | Critical | 9.8 | 2026-01-15 | RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches b… |
| CVE-2023-41313 | Critical | 9.8 | 2024-03-12 | The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8… |
| CVE-2021-43298 | Critical | 9.8 | 2022-01-25 | The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that a… |
| CVE-2026-41588 | Critical | 9.0 | 2026-05-08 | RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — check_sign_in_key(). This issue h… |
| CVE-2024-42512 | High | 8.6 | 2025-02-10 | Vulnerability in the OPC UA .NET Standard Stack before 1.5.374.158 allows an unauthorized attacker to bypass application authentication when the deprecated Bas… |
| CVE-2026-47784 | High | 8.1 | 2026-05-20 | In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_chec… |
| CVE-2026-47783 | High | 8.1 | 2026-05-20 | In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username… |
| CVE-2026-42602 | High | 8.1 | 2026-05-13 | azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party wh… |
| CVE-2024-29995 | High | 8.1 | 2024-08-13 | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2023-25529 | High | 8.0 | 2023-09-20 | NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s sess… |
| CVE-2026-47373 | High | 7.5 | 2026-05-20 | Crypt::SaltedHash versions through 0.09 for Perl are susceptible to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing c… |
| CVE-2026-40972 | High | 7.5 | 2026-04-28 | An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme ci… |
| CVE-2026-5086 | High | 7.5 | 2026-04-13 | Crypt::SecretBuffer versions before 0.019 for Perl are susceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaint… |
| CVE-2025-70949 | High | 7.5 | 2026-03-05 | An observable timing discrepancy in @perfood/couch-auth v0.26.0 allows attackers to access sensitive information via a timing side-channel. |
| CVE-2024-13939 | High | 7.5 | 2025-03-28 | String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated… |
| CVE-2022-31142 | High | 7.5 | 2022-07-14 | @fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. @fastify/bearer-auth prior to versions 7.0.2 and 8.0.1 does not securely use… |
| CVE-2021-42016 | High | 7.5 | 2022-03-08 | A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i801, RUGGEDCOM i802, RUGGEDCOM i803, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2200, RUGG… |
| CVE-2026-27856 | High | 7.4 | 2026-03-27 | Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured cre… |
| CVE-2025-48630 | High | 7.4 | 2026-03-02 | In drawLayersInternal of SkiaRenderEngine.cpp, there is a possible way to access the GPU cache due to side channel information disclosure. This could lead to l… |
| CVE-2025-68621 | High | 7.4 | 2026-02-06 | Trilium Notes is an open-source, cross-platform hierarchical note taking application with focus on building large personal knowledge bases. Prior to 0.101.0… |