CVSS: 5.9EPSS: 10%CPEs: 1EXPL: 0CVE-2018-12404 – nss: Cache side-channel variant of the Bleichenbacher attack
https://notcve.org/view.php?id=CVE-2018-12404
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41. Un ataque de canal lateral en caché durante transacciones usando RSA podría permitir el descifrado de contenido encriptado. Esta es una variante del ataque Adaptive Chosen Ciphertext (conocido como ataque Bleichenbacher) y afecta a todas las versiones de NSS anteriores a NSS 3.41. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html http://www.securityfocus.com/bid/107260 https://access.redhat.com/errata/RHSA-2019:2237 https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12404 https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf https://lists.debian.org/debian-lts-announce/2020/09/msg00029.html https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04 https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html ht • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 4%CPEs: 1EXPL: 0CVE-2018-12384 – nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello
https://notcve.org/view.php?id=CVE-2018-12384
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3. Cuando se maneja una petición ClientHello compatible con SSLv2, el servidor no genera un nuevo valor aleatorio, sino que envía un valor All-Zero en su lugar. Esto conlleva a una maleabilidad completa del ClientHello para SSLv2 usado para TLS 1.2 en todas las versiones anteriores a NSS 3.39. • https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12384 https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://access.redhat.com/security/cve/CVE-2018-12384 https://bugzilla.redhat.com/show_bug.cgi?id=1622089 • CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 2CVE-2016-9574
https://notcve.org/view.php?id=CVE-2016-9574
nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA. nss en versiones anteriores a la 3.30 es vulnerable a una denegación de servicio (DoS) remota durante el handshake de sesión al emplear la extensión SessionTicket y ECDHE-ECDSA. • https://bugzilla.mozilla.org/show_bug.cgi?id=1320695 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574 • CWE-325: Missing Cryptographic Step CWE-384: Session Fixation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-11695 – NSS Buffer Overflows / Floating Point Exception
https://notcve.org/view.php?id=CVE-2017-11695
Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. Desbordamiento de búfer basado en memoria dinámica (heap) en la función alloc_segs en lib/dbm/src/hash.c en Mozilla Network Security Services (NSS) permite que atacantes dependientes del contexto provoquen un impacto no especificado empleando un archivo cert8.db manipulado. Network Security Services (NSS) suffers from a floating point exception and multiple heap buffer overflow vulnerabilities. • http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html http://seclists.org/fulldisclosure/2017/Aug/17 http://www.geeknik.net/9brdqk6xu http://www.securityfocus.com/bid/100345 http://www.securitytracker.com/id/1039153 https://security.gentoo.org/glsa/202003-37 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2017-11696 – NSS Buffer Overflows / Floating Point Exception
https://notcve.org/view.php?id=CVE-2017-11696
Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. Desbordamiento de búfer basado en memoria dinámica (heap) en la función __hash_open en lib/dbm/src/hash.c en Mozilla Network Security Services (NSS) permite que atacantes dependientes del contexto provoquen un impacto no especificado empleando un archivo cert8.db manipulado. Network Security Services (NSS) suffers from a floating point exception and multiple heap buffer overflow vulnerabilities. • http://packetstormsecurity.com/files/143735/NSS-Buffer-Overflows-Floating-Point-Exception.html http://seclists.org/fulldisclosure/2017/Aug/17 http://www.geeknik.net/9brdqk6xu http://www.securityfocus.com/bid/100345 http://www.securitytracker.com/id/1039153 https://security.gentoo.org/glsa/202003-37 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •