Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
137 vulnerabilities with CWE-208
CVE-2020-4071
LOW
django-basic-auth-ip-whitelist <0.3.4 - Info Disclosure
CVSS 2.2
CVE-2020-11037
MEDIUM
Wagtail <2.7.3-2.8.2 - Info Disclosure
CVSS 6.1
CVE-2019-16782
MEDIUM
Rack <1.6.12, 2.0.8 - Info Disclosure
CVSS 6.3
CVE-2019-13420
MEDIUM
Search Guard <21.0 - Info Disclosure
CVSS 5.9
CVE-2019-9494
MEDIUM
Hostapd & Wpa_Supplicant <2.7 - Info Disclosure
CVSS 5.9
CVE-2017-20240
MEDIUM
Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks
CVSS 5.9
CVE-2016-15015
LOW
viafintech Barzahlen Payment Module PHP SDK <2.0.1 - Info Disclosure
CVSS 2.6
CVE-2016-10535
MEDIUM
csrf-lite < 0.1.1 - Timing Attack via String Comparison
CVSS 5.9
CVE-2014-125056
LOW
Pylons horus < 2014-05-07 - Observable Timing Discrepancy in local/services.py
CVSS 2.6
CVE-2014-125055
LOW
agnivade easy-scrypt <1.0.0 - Info Disclosure
CVSS 2.6
CVE-2013-10006
LOW
Ziftr primecoin <0.8.4rc1 - Timing Discrepancy
CVSS 2.6
CVE-2010-10006
LOW
michaelliao jopenid - Info Disclosure
CVSS 2.6
Details
Vulnerabilities
137