Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-208 (通过时间差异性导致的信息暴露) — Vulnerability Class 97

97 vulnerabilities classified as CWE-208 (通过时间差异性导致的信息暴露). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-7071 Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in ocrypto library — ocrypto 7.5 -2025-08-29
CVE-2025-43754 Liferay Portal和Liferay DXP 安全漏洞 — Portal 7.5AIHighAI2025-08-21
CVE-2025-8774 riscv-boom SonicBOOM L1 Data Cache timing discrepancy — SonicBOOM 2.5 Low2025-08-09
CVE-2025-53940 Quiet uses insecure, inconsistent verification on local backend token — quiet 3.7 -2025-07-24
CVE-2025-48995 SignXML's signature verification with HMAC is vulnerable to a timing attack — signxml 5.9AIMediumAI2025-06-02
CVE-2025-46570 vLLM’s Chunk-Based Prefix Caching Vulnerable to Potential Timing Side-Channel — vllm 2.6 Low2025-05-29
CVE-2025-27936 Webhook Secret Exposure via Timing attack in MSteams plugin — Mattermost 5.3 Medium2025-04-16
CVE-2024-36469 User enumeration via timing attack in Zabbix web interface — Zabbix 9.4AICriticalAI2025-04-02
CVE-2024-13939 String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string — String::Compare::ConstantTime 3.7 -2025-03-28
CVE-2025-30344 OpenSlides 安全漏洞 — OpenSlides 5.3 Medium2025-03-21
CVE-2024-22340 IBM Common Cryptographic Architecture information disclosure — Common Cryptographic Architecture 6.5 Medium2025-03-11
CVE-2024-23953 Apache Hive: Timing Attack Against Signature in LLAP util — Apache Hive 6.5 -2025-01-28
CVE-2024-56738 GNU GRUB 安全漏洞 — GRUB2 7.5 -2024-12-29
CVE-2024-52307 authentik allows a timing attack due to missing constant time comparison for metrics view — authentik 9.1AICriticalAI2024-11-21
CVE-2024-41741 IBM TXSeries for Multiplatforms information disclosure — TXSeries for Multiplatforms 5.3 Medium2024-11-01
CVE-2024-7010 Timing Attack in mudler/localai — mudler/localai 5.9AIMediumAI2024-10-29
CVE-2024-47178 basic-auth-connect's callback uses time unsafe string comparison — basic-auth-connect 3.7 -2024-09-30
CVE-2024-45052 Fides Webserver Authentication Timing-Based Username Enumeration Vulnerability — fides 5.3 Medium2024-09-04
CVE-2024-1543 AES T-Table sub-cache-line leakage — wolfSSL 4.1 Medium2024-08-29
CVE-2024-42368 open-telemetry has an Observable Timing Discrepancy — opentelemetry-collector-contrib 6.5 Medium2024-08-13
CVE-2024-29995 Windows Kerberos Elevation of Privilege Vulnerability — Windows 10 Version 1809 8.1 High2024-08-13
CVE-2024-41828 JetBrains TeamCity 安全漏洞 — TeamCity 2.6 Low2024-07-22
CVE-2024-40640 Usage of non-constant time base64 decoder could lead to leakage of secret key material in vodozemac — vodozemac 2.9 Low2024-07-17
CVE-2024-36405 Control-flow timing leak in Kyber reference implementation when compiled with Clang 15-18 for -Os, -O1 and other options — liboqs 5.9 Medium2024-06-10
CVE-2020-35165 Dell BSAFE Micro Edition Suite 安全漏洞 — Dell BSAFE Crypto-C Micro Edition 5.1 Medium2024-05-22
CVE-2024-2467 Perl-crypt-openssl-rsa: side-channel attack in pkcs#1 v1.5 padding mode (marvin attack) 5.9 Medium2024-04-25
CVE-2024-3296 Rust-openssl: timing based side-channel can lead to a bleichenbacher style attack 5.9 Medium2024-04-04
CVE-2023-41313 Apache Doris: Timing Attack weakness — Apache Doris 5.9AIMediumAI2024-03-12
CVE-2024-0202 Cryptlib: rsa key exchange ciphersuites in tls vulnerable to marvin attack 5.9 Medium2024-02-05
CVE-2021-21575 Dell BSAFE Micro Edition Suite 安全漏洞 — BSAFE Micro Edition Suite 5.9 Medium2024-02-02

Vulnerabilities classified as CWE-208 (通过时间差异性导致的信息暴露) represent 97 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.