Vulnerabilities (CVE)

Filtered by CWE-203
Total 649 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-7006 1 Apple 4 Iphone Os, Safari, Tvos and 1 more 2025-04-20 2.6 LOW 5.3 MEDIUM
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct a timing side-channel attack to bypass the Same Origin Policy and obtain sensitive information via a crafted web site that uses SVG filters.
CVE-2016-6489 3 Canonical, Nettle Project, Redhat 6 Ubuntu Linux, Nettle, Enterprise Linux Desktop and 3 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.
CVE-2017-12373 1 Cisco 10 Adaptive Security Appliance 5505, Adaptive Security Appliance 5505 Firmware, Adaptive Security Appliance 5510 and 7 more 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
A vulnerability in the TLS protocol implementation of legacy Cisco ASA 5500 Series (ASA 5505, 5510, 5520, 5540, and 5550) devices could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. Cisco Bug IDs: CSCvg97652.
CVE-2017-13099 3 Arubanetworks, Siemens, Wolfssl 4 Instant, Scalance W1750d, Scalance W1750d Firmware and 1 more 2025-04-20 4.3 MEDIUM 7.5 HIGH
wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable wolfSSL application. This vulnerability is referred to as "ROBOT."
CVE-2022-20559 1 Google 1 Android 2025-04-18 N/A 3.3 LOW
In revokeOwnPermissionsOnKill of PermissionManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-219739967
CVE-2022-20538 1 Google 1 Android 2025-04-18 N/A 5.5 MEDIUM
In getSmsRoleHolder of RoleService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-235601770
CVE-2022-20535 1 Google 1 Android 2025-04-18 N/A 3.3 LOW
In registerLocalOnlyHotspotSoftApCallback of WifiManager.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-233605242
CVE-2022-26382 1 Mozilla 1 Firefox 2025-04-16 N/A 4.3 MEDIUM
While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. Side-channel attacks on the text by using specially crafted fonts could have lead to this text being inferred by the webpage. This vulnerability affects Firefox < 98.
CVE-2022-34477 1 Mozilla 1 Firefox 2025-04-15 N/A 7.5 HIGH
The MediaError message property should be consistent to avoid leaking information about cross-origin resources; however for a same-site cross-origin resource, the message could have leaked information enabling XS-Leaks attacks. This vulnerability affects Firefox < 102.
CVE-2022-31742 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2025-04-15 N/A 6.5 MEDIUM
An attacker could have exploited a timing attack by sending a large number of allowCredential entries and detecting the difference between invalid key handles and cross-origin key handles. This could have led to cross-origin account linking in violation of WebAuthn goals. This vulnerability affects Thunderbird < 91.10, Firefox < 101, and Firefox ESR < 91.10.
CVE-2024-11084 2025-04-15 N/A N/A
Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an attacker to determine whether a username exists.
CVE-2022-45403 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2025-04-15 N/A 6.5 MEDIUM
Service Workers should not be able to infer information about opaque cross-origin responses; but timing information for cross-origin media combined with Range requests might have allowed them to determine the presence or length of a media file. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
CVE-2022-45416 1 Mozilla 3 Firefox, Firefox Esr, Thunderbird 2025-04-15 N/A 6.5 MEDIUM
Keyboard events reference strings like "KeyA" that were at fixed, known, and widely-spread addresses. Cache-based timing attacks such as Prime+Probe could have possibly figured out which keys were being pressed. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
CVE-2022-44381 1 Snipeitapp 1 Snipe-it 2025-04-15 N/A 5.3 MEDIUM
Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request.
CVE-2023-3640 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-15 N/A 7.0 HIGH
A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system.
CVE-2022-41765 1 Mediawiki 1 Mediawiki 2025-04-14 N/A 5.3 MEDIUM
An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. HTMLUserTextField exposes the existence of hidden users.
CVE-2016-2178 6 Canonical, Debian, Nodejs and 3 more 7 Ubuntu Linux, Debian Linux, Node.js and 4 more 2025-04-12 2.1 LOW 5.5 MEDIUM
The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack.
CVE-2024-13939 1 Fractal 1 String\ 2025-04-11 N/A 7.5 HIGH
String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string. As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string may be leaked (but not its contents)." This is similar to CVE-2020-36829
CVE-2013-1620 4 Canonical, Mozilla, Oracle and 1 more 15 Ubuntu Linux, Network Security Services, Enterprise Manager Ops Center and 12 more 2025-04-11 4.3 MEDIUM N/A
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
CVE-2022-47952 1 Linuxcontainers 1 Lxc 2025-04-10 N/A 3.3 LOW
lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because "Failed to open" often indicates that a file does not exist, whereas "does not refer to a network namespace path" often indicates that a file exists. NOTE: this is different from CVE-2018-6556 because the CVE-2018-6556 fix design was based on the premise that "we will report back to the user that the open() failed but the user has no way of knowing why it failed"; however, in many realistic cases, there are no plausible reasons for failing except that the file does not exist.