CWE-203 vulnerabilities

294 results
CVE-2023-50781 [HIGH] M2crypto: bleichenbacher timing attacks in the rsa decryption api - incomplete fix for cve-2020-25657 (EPSS 1.1%)
CVE-2023-50782 [HIGH] Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659 (EPSS 1.1%)
CVE-2024-23771 [CRITICAL] darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypas (EPSS 1.1%)
CVE-2021-34575 [HIGH] Information Exposure in mymbCONNECT24, mbCONNECT24 <= 2.8.0 (EPSS 1.0%)
CVE-2022-0569 [MEDIUM] Observable Discrepancy in snipe/snipe-it (EPSS 1.0%)
CVE-2024-21208 [LOW] Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Network (EPSS 1.0%)
CVE-2024-23218 [MEDIUM] A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in (EPSS 1.0%)
CVE-2020-15237 [MEDIUM] Timing attack in Shrine (EPSS 1.0%)
CVE-2022-24043 A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PX (EPSS 1.0%)
CVE-2024-23342 [HIGH] python-ecdsa vulnerable to Minerva attack on P-256 (EPSS 1.0%)
CVE-2022-36105 [MEDIUM] User Enumeration via Response Timing in TYPO3 (EPSS 1.0%)
CVE-2023-6240 [MEDIUM] Kernel: marvin vulnerability side-channel leakage in the rsa decryption operation (EPSS 1.0%)
CVE-2024-21484 [HIGH] Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. (EPSS 1.0%)
CVE-2024-25189 [CRITICAL] libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing (EPSS 1.0%)
CVE-2022-21659 [MEDIUM] Observable Response Discrepancy in Flask-AppBuilder (EPSS 1.0%)
CVE-2020-15151 [HIGH] Observable Timing Discrepancy in OpenMage LTS (EPSS 0.9%)
CVE-2022-27221 [MEDIUM] A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in machine-in-the-middle could obtain (EPSS 0.9%)
CVE-2024-30171 [MEDIUM] An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes (EPSS 0.9%)
CVE-2024-25190 [CRITICAL] l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing (EPSS 0.9%)
CVE-2024-25191 [CRITICAL] php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing (EPSS 0.9%)