Michal Shagam

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to the implementation of the Kerberos protocol in Windows, which can be manipulated to cause a timing mismatch vulnerability. This can allow a remote attacker to elevate their privileges. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenSC (affected versions not specified) **Description** A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant, potentially resulting in the leak of private data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.