Lucene search
K

228 matches found

Vulnrichment
Vulnrichment
added 2024/07/30 7:46 a.m.14 views

CVE-2024-42155 s390/pkey: Wipe copies of protected- and secure-keys

In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of protected- and secure-keys Although the clear-key of neither protected- nor secure-keys is accessible, this key material should only be visible to the calling process. So wipe all copies of protected- or...

6.8AI score0.00188EPSS
Exploits0References2
NVD
NVD
added 2024/07/29 6:15 p.m.16 views

CVE-2024-42098

In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh - explicitly zeroize privatekey privatekey is overwritten with the key parameter passed in by the caller if present, or alternatively a newly generated private key. However, it is possible that the caller provides a...

5.5CVSS0.0021EPSS
Exploits0References6
OSV
OSV
added 2024/07/29 5:39 p.m.15 views

CVE-2024-42098 crypto: ecdh - explicitly zeroize private_key

In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh - explicitly zeroize privatekey privatekey is overwritten with the key parameter passed in by the caller if present, or alternatively a newly generated private key. However, it is possible that the caller provides a...

5.5CVSS6.1AI score0.0021EPSS
Exploits0References9
Cvelist
Cvelist
added 2024/07/29 5:39 p.m.28 views

CVE-2024-42098 crypto: ecdh - explicitly zeroize private_key

In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh - explicitly zeroize privatekey privatekey is overwritten with the key parameter passed in by the caller if present, or alternatively a newly generated private key. However, it is possible that the caller provides a...

0.0021EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2024/07/17 6:30 p.m.24 views

vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material

Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. Impa...

2.9CVSS6.4AI score0.00201EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2024/07/17 5:27 p.m.10 views

CVE-2024-40640 Usage of non-constant time base64 decoder could lead to leakage of secret key material in vodozemac

vodozemac is an open source implementation of Olm and Megolm in pure Rust. Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some...

2.9CVSS6.3AI score0.00201EPSS
Exploits0References5
OSV
OSV
added 2024/07/17 12:0 p.m.12 views

RUSTSEC-2024-0354 Usage of non-constant time base64 decoder could lead to leakage of secret key material

Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. Impa...

2.9CVSS3.4AI score0.00201EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/06/03 10:5 a.m.9 views

CVE-2023-43542 Buffer Copy Without Checking Size of Input in Trusted Execution Environment

Memory corruption while copying a keyblobs material when the key materials size is not accurately checked...

7.8CVSS7.4AI score0.00103EPSS
Exploits0References1
NVD
NVD
added 2023/08/29 9:15 a.m.46 views

CVE-2023-23772

Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a...

8.8CVSS7.7AI score0.00419EPSS
Exploits0References1
OSV
OSV
added 2023/08/29 9:15 a.m.3 views

CVE-2023-23772

Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a...

8.8CVSS6AI score
Exploits0References1
OSV
OSV
added 2023/08/29 9:15 a.m.6 views

CVE-2023-23773

Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent impla...

8.8CVSS7.5AI score0.00419EPSS
Exploits0References1
Prion
Prion
added 2023/08/29 9:15 a.m.15 views

Code injection

Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an attacker with physical access that is able to trigger such an exception to extrac...

4.6CVSS8.3AI score0.00199EPSS
Exploits0References1
Prion
Prion
added 2023/08/29 9:15 a.m.17 views

Input validation

Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a...

6.5CVSS8.8AI score0.00419EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/08/29 8:49 a.m.24 views

CVE-2023-23774

Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an attacker with physical access that is able to trigger such an exception to extrac...

8.4CVSS8.7AI score0.00199EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/08/29 8:49 a.m.12 views

CVE-2023-23774

Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an attacker with physical access that is able to trigger such an exception to extrac...

8.4CVSS7.5AI score0.00199EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/08/29 8:48 a.m.25 views

CVE-2023-23772

Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a...

7.2CVSS7.5AI score0.00419EPSS
Exploits0References1
CVE
CVE
added 2023/08/29 8:48 a.m.88 views

CVE-2023-23772

The CVE-2023-23772 issue concerns the Motorola MBTS Site Controller, where firmware update packages are not validated cryptographically. The root cause is lack of firmware update authenticity checks, enabling an authenticated attacker to potentially achieve arbitrary code execution, extract secre...

8.8CVSS8.7AI score0.00419EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/08/29 8:48 a.m.26 views

CVE-2023-23772

Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a...

7.2CVSS9AI score0.00419EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/08/29 12:0 a.m.7 views

Motorola MBTS Site Controller 安全漏洞

The Motorola EBTS Base Radio and Motorola MBTS Site Controller are both products of Motorola, U.S.A. The Motorola EBTS Base Radio is a walkie-talkie.The Motorola MBTS Site Controller is a The Motorola EBTS/MBTS Site Controller is a device used to manage and control a Macro Base Transceiver Statio...

8.4CVSS8.3AI score0.00199EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/08/29 12:0 a.m.5 views

PT-2023-19196 · Motorola · Motorola Ebts/Mbts Base Radio

Name of the Vulnerable Software and Affected Versions: Motorola EBTS/MBTS Base Radio affected versions not specified Description: The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution...

8.8CVSS8.8AI score0.00419EPSS
Exploits0References7
Rows per page
Query Builder