
CVE-2017-11697 – Gentoo Linux Security Advisory 202003-37
https://notcve.org/view.php?id=CVE-2017-11697
09 Aug 2017 — The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file. Multiple vulnerabilities have been found in ... • https://packetstorm.news/files/id/143735 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2017-11698 – Gentoo Linux Security Advisory 202003-37
https://notcve.org/view.php?id=CVE-2017-11698
09 Aug 2017 — Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. Multiple vulnerabilit... • https://packetstorm.news/files/id/143735 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2017-7502 – nss: Null pointer dereference when handling empty SSLv2 messages
https://notcve.org/view.php?id=CVE-2017-7502
30 May 2017 — A null pointer dereference vulnerability was found in NSS since 3.24.0 when the server receives empty SSLv2 messages, resulting in denial of service by a remote attacker. A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this... • http://www.debian.org/security/2017/dsa-3872 • CWE-476: NULL Pointer Dereference •

CVE-2017-5461 – nss: Write beyond bounds caused by bugs in Base64 de/encoding in nssb64d.c and nssb64e.c (MFSA 2017-10)
https://notcve.org/view.php?id=CVE-2017-5461
20 Apr 2017 — Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations. • http://www.debian.org/security/2017/dsa-3831 • CWE-787: Out-of-bounds Write •

CVE-2017-5462 – Gentoo Linux Security Advisory 201705-04
https://notcve.org/view.php?id=CVE-2017-5462
20 Apr 2017 — A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. • http://www.securityfocus.com/bid/97940 • CWE-682: Incorrect Calculation •

CVE-2016-8635 – nss: small-subgroups attack flaw
https://notcve.org/view.php?id=CVE-2016-8635
16 Nov 2016 — It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to a small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to a small subgroup of the desired group. • http://rhn.redhat.com/errata/RHSA-2016-2779.html • CWE-320: Key Management Errors CWE-358: Improperly Implemented Security Check for Standard •

CVE-2016-2834 – nss: Multiple security flaws (MFSA 2016-61)
https://notcve.org/view.php?id=CVE-2016-2834
09 Jun 2016 — Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html •

CVE-2016-1978 – nss: Use-after-free in NSS during SSL connections in low memory (MFSA 2016-15)
https://notcve.org/view.php?id=CVE-2016-1978
13 Mar 2016 — Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html •

CVE-2016-1979 – nss: Use-after-free during processing of DER encoded keys in NSS (MFSA 2016-36)
https://notcve.org/view.php?id=CVE-2016-1979
13 Mar 2016 — Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. • http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html •

CVE-2016-1950 – nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35)
https://notcve.org/view.php?id=CVE-2016-1950
09 Mar 2016 — Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •