Lucene search
K

16 matches found

OSV
OSV
added 2026/01/13 3:10 p.m.3 views

GHSA-HCP2-X6J4-29J7 RustCrypto: Signatures has timing side-channel in ML-DSA decomposition

Summary A timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature. Details The analysis was performed using a constant-time analyzer that examines compiled assembly code for instructions with data-dependent timing...

6.4CVSS6.9AI score0.00173EPSS
Exploits0References6
OSV
OSV
added 2025/12/12 12:0 p.m.10 views

RUSTSEC-2025-0144 Timing side-channel in ML-DSA decomposition

Summary A timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature. Details The analysis was performed using a constant-time analyzer that examines compiled assembly code for instructions with data-dependent timing...

6.4CVSS6.1AI score0.00173EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 3:19 a.m.4 views

CVE-2023-23773

Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent impla...

8.8CVSS7.5AI score0.00419EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:19 a.m.5 views

CVE-2023-23772

Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a...

8.8CVSS7.4AI score0.00419EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/07/17 6:30 p.m.24 views

vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material

Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. Impa...

2.9CVSS6.4AI score0.00201EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2024/07/17 12:0 p.m.12 views

RUSTSEC-2024-0354 Usage of non-constant time base64 decoder could lead to leakage of secret key material

Versions before 0.7.0 of vodozemac use a non-constant time base64 implementation for importing key material for Megolm group sessions and PkDecryption Ed25519 secret keys. This flaw might allow an attacker to infer some information about the secret key material through a side-channel attack. Impa...

2.9CVSS3.4AI score0.00201EPSS
Exploits0References3
NVD
NVD
added 2023/08/29 9:15 a.m.46 views

CVE-2023-23772

Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a...

8.8CVSS7.7AI score0.00419EPSS
Exploits0References1
OSV
OSV
added 2023/08/29 9:15 a.m.6 views

CVE-2023-23773

Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent impla...

8.8CVSS7.5AI score0.00419EPSS
Exploits0References1
Prion
Prion
added 2023/08/29 9:15 a.m.17 views

Input validation

Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a...

6.5CVSS8.8AI score0.00419EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/08/29 9:15 a.m.15 views

Code injection

Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an attacker with physical access that is able to trigger such an exception to extrac...

4.6CVSS8.3AI score0.00199EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/08/29 8:49 a.m.24 views

CVE-2023-23774

Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an attacker with physical access that is able to trigger such an exception to extrac...

8.4CVSS8.7AI score0.00199EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/08/29 8:49 a.m.12 views

CVE-2023-23774

Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an attacker with physical access that is able to trigger such an exception to extrac...

8.4CVSS7.5AI score0.00199EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/08/29 8:48 a.m.26 views

CVE-2023-23772

Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a...

7.2CVSS9AI score0.00419EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/08/29 8:48 a.m.25 views

CVE-2023-23772

Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a...

7.2CVSS7.5AI score0.00419EPSS
Exploits0References1
CVE
CVE
added 2023/08/29 8:48 a.m.88 views

CVE-2023-23772

The CVE-2023-23772 issue concerns the Motorola MBTS Site Controller, where firmware update packages are not validated cryptographically. The root cause is lack of firmware update authenticity checks, enabling an authenticated attacker to potentially achieve arbitrary code execution, extract secre...

8.8CVSS8.7AI score0.00419EPSS
Exploits0References1Affected Software1
Gentoo Linux
Gentoo Linux
added 2020/08/19 12:0 a.m.65 views

Mozilla Network Security Service (NSS): Multiple vulnerabilities

Background The Mozilla Network Security Service NSS is a library implementing security features like SSL v.2/v.3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME and X.509 certificates. Description Multiple vulnerabilities have been discovered in NSS. Please review the CVE identifiers referenced...

9.1CVSS2.7AI score0.01541EPSS
Exploits0
Rows per page
Query Builder