2 matches found
nss: vulnerable to Minerva side-channel information leak
The Network Security Services NSS package contains a vulnerability that exposes a side-channel information leak. This weakness enables a local attacker to capture several thousand usages of a signature, allowing them to utilize this information to recover portions of an ECDSA private key...
PT-2023-24597 · Notation · Notation
Name of the Vulnerable Software and Affected Versions: notation versions prior to v1.0.0-rc.6 Description: The issue allows an attacker who has compromised a registry and added a high number of signatures to an artifact to cause denial of service of services on the machine, if a user runs the...