CWE-203: CWE-203

This vulnerability in HP PC system BIOS could allow attackers to tamper with memory, potentially leading to privilege escalation or system compromise....

This CVE describes a logic error in Android that allows local attackers to obtain any system permission without additional privileges. User interactio...

This vulnerability in Android's InputMethod allows attackers to determine whether specific apps are installed without requiring query permissions, exp...

This vulnerability in Android's Package Installer allows attackers to detect whether specific apps are installed without requiring query permissions, ...

This vulnerability in Android's Slice component allows attackers to detect which applications are installed on a device through side-channel analysis....

A cryptographic flaw in go-ethereum's ECIES implementation allows attackers to extract bits of the p2p node key. This affects all Geth nodes running v...

H3C SSL VPN has a user enumeration vulnerability that allows attackers to determine valid usernames by analyzing login response differences. Attackers...

This vulnerability allows attackers to extract private keys from X25519 cryptographic implementations on Xtensa-based ESP32 chips through timing side-...

This timing attack vulnerability in the parisneo/lollms authentication system allows attackers to enumerate valid usernames and guess passwords by ana...

An unauthenticated remote attacker can access sensitive authentication information in CODESYS OPC UA Server when using the non-default Basic128Rsa15 s...

This vulnerability in Draytek routers allows attackers to perform timing attacks against insecure strcmp/memcmp implementations, potentially revealing...

This vulnerability in Oracle JD Edwards EnterpriseOne Tools allows unauthenticated attackers to remotely access sensitive data via HTTP. It affects We...

An access control vulnerability in AVM FRITZ!Box 7530 AX routers allows unauthenticated attackers to access sensitive system information via the /juis...

CVE-2018-9364 is a vulnerability in LG's LAF component that allows modification of protected partitions without user interaction. This could lead to s...

A timing side-channel vulnerability in IPCOM EX2 and VE2 series devices allows attackers to potentially decrypt encrypted communications by analyzing ...

This vulnerability allows attackers to recover ML-KEM 512 secret keys through timing side-channel attacks when the Kyber reference implementation is c...

This timing attack vulnerability in gaizhenbiao/chuanhuchatgpt allows attackers to guess passwords by measuring how long password comparisons take. At...

This vulnerability in LIVEBOX Collaboration vDesk allows attackers to infer internal system state information through observable response discrepancie...

This vulnerability allows attackers to decrypt RSA-encrypted data by exploiting timing discrepancies in the jsrsasign library's PKCS1.5 and RSAOAEP de...

This CVE describes a timing side-channel vulnerability in Go's RSA-based TLS key exchange implementation prior to version 1.20. Attackers could potent...

CVE-2023-36127 is a user enumeration vulnerability in PHPJabbers Appointment Scheduler 3.0 that allows attackers to determine valid usernames via pass...

The Macrovideo v380pro security camera firmware v1.4.97 exposes device credentials when sharing camera access. This allows unauthorized users to obtai...

SENAYAN Library Management System (SLiMS) Bulian v9.5.2 fails to strip EXIF metadata from uploaded images, allowing attackers to extract sensitive inf...

This vulnerability allows attackers to perform timing attacks against the webhook secret validation in Atlantis, potentially recovering the secret thr...

This vulnerability in Jenkins creates a timing side-channel in the login form that allows attackers to distinguish between invalid usernames and valid...

This vulnerability allows DNS operators to discover internal network resources through hardcoded DNS resolver configurations in Home Assistant systems...

This vulnerability in Best Practical Request Tracker (RT) allows attackers to perform timing attacks against the REST2 authentication middleware, pote...

This vulnerability in Pengutronix barebox bootloader leaks timing information during password hash comparison, allowing attackers to perform timing at...

This vulnerability allows unauthenticated attackers to enumerate valid user accounts in MB connect line mymbCONNECT24 and mbCONNECT24 software. By ana...

This vulnerability in Libgcrypt allows side-channel attacks against ElGamal encryption due to missing exponent blinding and inappropriate window size ...

The Luca COVID-19 contact tracing app for Android versions through 1.7.4 leaks sensitive information about users' COVID-19 status. Remote attackers ca...

This vulnerability in Qualcomm Snapdragon chipsets allows attackers to link RTT (Round Trip Time) frames with non-randomized MAC addresses by comparin...

CVE-2020-1459 is a speculative execution side-channel vulnerability affecting ARM processors that allows local attackers to potentially access sensiti...

This vulnerability allows attackers to forge SASL Role Tokens that pass signature verification due to timing discrepancies in Apache Pulsar's authenti...

CVE-2024-23342 is a vulnerability in the Python ecdsa package that allows attackers to perform side-channel timing attacks (Minerva attack) to extract...

This CVE describes a timing side-channel vulnerability in GnuTLS that allows attackers to perform Bleichenbacher-style attacks against RSA encryption....

This vulnerability allows off-path attackers to hijack TCP sessions on OpenWrt routers with NAT enabled, enabling them to impersonate clients or serve...

This vulnerability allows a physically proximate attacker with elevated privileges to falsify tamper events on Entrust nShield hardware security modul...

This CVE addresses a timing side-channel vulnerability in the Linux kernel's IPv6 Segment Routing (SR) implementation. Attackers could potentially exp...

This CVE describes an information leak vulnerability affecting certain Honor products. Successful exploitation could allow unauthorized access to sens...

This vulnerability in Intel QAT Engine for OpenSSL before version 1.6.1 allows an attacker to infer sensitive information through timing discrepancies...