Vulnerabilities > Covert Timing Channel

DATE CVE VULNERABILITY TITLE RISK
2024-01-23 CVE-2024-23342 Covert Timing Channel vulnerability in Tlsfuzzer Ecdsa
The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman).
network
high complexity
tlsfuzzer CWE-385
7.4
2021-01-12 CVE-2020-25657 Covert Timing Channel vulnerability in multiple products
A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext.
network
high complexity
m2crypto-project redhat fedoraproject CWE-385
5.9
2021-01-12 CVE-2020-14341 Covert Timing Channel vulnerability in Redhat Single Sign-On
The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP connections to be attempted to arbitrary hosts and ports of the user's choosing, and originating from the RHSSO installation.
network
low complexity
redhat CWE-385
2.7
2020-11-12 CVE-2020-25658 Covert Timing Channel vulnerability in multiple products
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks.
5.9
2018-09-10 CVE-2016-7056 Covert Timing Channel vulnerability in multiple products
A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.
local
low complexity
openssl debian redhat canonical CWE-385
5.5
2018-08-22 CVE-2018-10846 Covert Timing Channel vulnerability in multiple products
A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found.
5.6
2018-08-22 CVE-2018-10845 Covert Timing Channel vulnerability in multiple products
It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack.
network
high complexity
gnu redhat canonical fedoraproject debian CWE-385
5.9
2018-08-22 CVE-2018-10844 Covert Timing Channel vulnerability in multiple products
It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack.
network
high complexity
gnu redhat canonical fedoraproject debian CWE-385
5.9