CWE-385
33 CVEs classified under CWE-385. Browse by severity and year.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-59425 | High | 7.5 | 2025-10-07 | vLLM is an inference and serving engine for large language models (LLMs). Before version 0.11.0rc2, the API key support in vLLM performs validation using a met… |
| CVE-2020-25658 | High | 7.5 | 2020-11-12 | It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the c… |
| CVE-2025-0306 | High | 7.4 | 2025-01-09 | A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted mes… |
| CVE-2024-23342 | High | 7.4 | 2024-01-22 | The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorith… |
| CVE-2020-29506 | Medium | 6.8 | 2022-07-11 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy V… |
| CVE-2020-35164 | Medium | 6.7 | 2022-07-11 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vul… |
| CVE-2026-6478 | Medium | 6.5 | 2026-05-14 | Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authentica… |
| CVE-2025-9231 | Medium | 6.5 | 2025-09-30 | Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM… |
| CVE-2024-36405 | Medium | 5.9 | 2024-06-10 | liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A control-flow timing leak has been identif… |
| CVE-2024-2236 | Medium | 5.9 | 2024-03-06 | A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack… |
| CVE-2023-49092 | Medium | 5.9 | 2023-11-28 | RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through ti… |
| CVE-2022-24409 | Medium | 5.9 | 2022-02-23 | Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Onl… |
| CVE-2019-3732 | Medium | 5.9 | 2019-09-30 | RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to… |
| CVE-2018-10845 | Medium | 5.9 | 2018-08-22 | It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct di… |
| CVE-2018-10844 | Medium | 5.9 | 2018-08-22 | It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct di… |
| CVE-2017-2624 | Medium | 5.9 | 2018-07-27 | It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is co… |
| CVE-2024-23170 | Medium | 5.5 | 2024-01-31 | An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could… |
| CVE-2019-19338 | Medium | 5.5 | 2020-07-13 | A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of inst… |
| CVE-2016-7056 | Medium | 5.5 | 2018-09-10 | A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys. |
| CVE-2024-25964 | Medium | 5.3 | 2024-03-25 | Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A remote unauthenticated attacker could potentially exploit this v… |