CVEs classified under CWE-385, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (31)
CVE-2026-5598 — CVSS 7.5 (high): Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is…
CVE-2025-59425 — CVSS 7.5 (high): vLLM is an inference and serving engine for large language models (LLMs). Before version 0.11.0rc2, the API key support in vLLM performs…
CVE-2020-25658 — CVSS 7.5 (high): It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to…
CVE-2025-0306 — CVSS 7.4 (high): A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt…
CVE-2023-46809 — CVSS 7.4 (high): Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched…
CVE-2023-3640 — CVSS 7.0 (high): A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user…
CVE-2020-29506 — CVSS 6.8 (medium): Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable…
CVE-2020-35164 — CVSS 6.7 (medium): Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable…
CVE-2026-6478 — CVSS 6.5 (medium): Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials…
CVE-2025-9231 — CVSS 6.5 (medium): Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm…
CVE-2024-26306 — CVSS 5.9 (medium): iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption…
CVE-2024-2236 — CVSS 5.9 (medium): A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a…
CVE-2022-24409 — CVSS 5.9 (medium): Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the…
CVE-2020-25657 — CVSS 5.9 (medium): A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API…
CVE-2020-25659 — CVSS 5.9 (medium): python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5…
CVE-2018-10845 — CVSS 5.9 (medium): It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use…
CVE-2018-10844 — CVSS 5.9 (medium): It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use…
CVE-2018-10846 — CVSS 5.6 (medium): A cache-based side channel in GnuTLS implementation that leads to plain text recovery in cross-VM attack setting was found. An attacker…
CVE-2016-7056 — CVSS 5.5 (medium): A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256…
CVE-2025-27587 — CVSS 5.3 (medium): OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of…
CVE-2024-45192 — CVSS 5.3 (medium): An issue was discovered in Matrix libolm through 3.2.16. Cache-timing attacks can occur due to use of base64 when decoding group session…
CVE-2024-25964 — CVSS 5.3 (medium): Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A remote unauthenticated attacker could…
CVE-2025-66442 — CVSS 5.1 (medium): In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's…
CVE-2024-11862: Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption…
CVE-2020-35166 — CVSS 5.1 (medium): Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable…
CVE-2025-69893 — CVSS 4.6 (medium): A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0…
CVE-2025-7396 — CVSS 4.6 (medium): In wolfSSL release 5.8.2 blinding support is turned on by default for Curve25519 in applicable builds. The blinding configure option is…
CVE-2024-13176 — CVSS 4.1 (medium): Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation…
CVE-2025-49087 — CVSS 4.0 (medium): In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the…
CVE-2023-33855 — CVSS 3.7 (low): Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit…
CVE-2020-14341 — CVSS 2.7 (low): The "Test Connection" available in v7.x of the Red Hat Single Sign On application console can permit an authorized user to cause SMTP…