CWE-385: CWE-385

Total CVEs

Critical

High

5.7

Avg CVSS

Yearly Trend

2025

2024

Top Affected Vendors

1 Dell 1

2 Redhat 1

3 Netapp 1

4 Wolfssl 1

5 Es 1

6 M2crypto Project 1

All CWE-385 CVEs (7)

CVE-2023-50781

7.5

This vulnerability in m2crypto allows attackers to decrypt TLS communications that use RSA key exchanges, potentially exposing sensitive data transmit...

Feb 5, 2024

CVE-2025-0306

7.4

CVE-2025-0306 is a cryptographic vulnerability in Ruby's implementation that enables the Marvin Attack, allowing attackers to decrypt encrypted messag...

Jan 9, 2025

CVE-2024-26306

5.9

This vulnerability in iPerf3 allows attackers to exploit a timing side channel in RSA decryption operations when using OpenSSL with RSA authentication...

May 14, 2024

CVE-2025-27587

5.3

OpenSSL on PowerPC systems is vulnerable to a Minerva side-channel attack that allows extraction of ECDSA private keys by measuring timing differences...

Jun 16, 2025

CVE-2024-25964

5.3

Dell PowerScale OneFS versions 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability that allows remote unauthenticated attackers to p...

Mar 25, 2024

CVE-2025-7396

4.6

CVE-2025-7396 is a side-channel vulnerability in wolfSSL 5.8.2 where Curve25519 blinding is enabled by default only for C implementations, leaving ARM...

Jul 18, 2025

CVE-2024-13176

4.1

A timing side-channel vulnerability in ECDSA signature computations could allow an attacker to recover private keys, particularly affecting the NIST P...

Jan 20, 2025

About CWE-385 (CWE-385)

Our database tracks 7 CVEs classified as CWE-385, with 0 rated critical and 2 rated high severity. The average CVSS score for CWE-385 vulnerabilities is 5.7.

External reference: View CWE-385 on MITRE CWE →

Monitor CWE-385 Vulnerabilities

Get alerted when new CWE-385 CVEs affect your infrastructure.

Start Monitoring Free