Page 2 of 27 results (0.004 seconds)

CVSS: 5.9EPSS: 4%CPEs: 1EXPL: 0

CVE-2018-12384 – nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello

https://notcve.org/view.php?id=CVE-2018-12384

When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3. Cuando se maneja una petición ClientHello compatible con SSLv2, el servidor no genera un nuevo valor aleatorio, sino que envía un valor All-Zero en su lugar. Esto conlleva a una maleabilidad completa del ClientHello para SSLv2 usado para TLS 1.2 en todas las versiones anteriores a NSS 3.39. • https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12384 https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html https://access.redhat.com/security/cve/CVE-2018-12384 https://bugzilla.redhat.com/show_bug.cgi?id=1622089 • CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 2

CVE-2016-9574

https://notcve.org/view.php?id=CVE-2016-9574

nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA. nss en versiones anteriores a la 3.30 es vulnerable a una denegación de servicio (DoS) remota durante el handshake de sesión al emplear la extensión SessionTicket y ECDHE-ECDSA. • https://bugzilla.mozilla.org/show_bug.cgi?id=1320695 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574 • CWE-325: Missing Cryptographic Step CWE-384: Session Fixation •

CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0

CVE-2017-5462

https://notcve.org/view.php?id=CVE-2017-5462

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Error en la generación de números DRBG en la biblioteca Network Security Services (NSS) cuando el V de estado interno no transporta bits correctamente. La biblioteca NSS ha sido actualizada para solucionar este problema y Firefox ESR 52.1 ha sido actualizado con la versión 3.28.4 de NSS. • http://www.securityfocus.com/bid/97940 http://www.securitytracker.com/id/1038320 https://bugzilla.mozilla.org/show_bug.cgi?id=1345089 https://security.gentoo.org/glsa/201705-04 https://www.debian.org/security/2017/dsa-3831 https://www.debian.org/security/2017/dsa-3872 https://www.mozilla.org/security/advisories/mfsa2017-10 https://www.mozilla.org/security/advisories/mfsa2017-11 https://www.mozilla.org/security/advisories/mfsa2017-12 https://www.mozilla.org/security/advisories • CWE-682: Incorrect Calculation •

CVSS: 9.8EPSS: 5%CPEs: 4EXPL: 0

CVE-2017-5461 – nss: Write beyond bounds caused by bugs in Base64 de/encoding in nssb64d.c and nssb64e.c (MFSA 2017-10)

https://notcve.org/view.php?id=CVE-2017-5461

Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations. Los servicios de Seguridad de Red de Mozilla (Network Security Services o NSS) en versiones anteriores a la 3.21.4, versiones de las 3.22.x a las 3.28.x anteriores a la 3.28.4, versiones 3.29.x anteriores a la 3.29.5 y versiones 3.30.x anteriores a la 3.30.1 permiten que atacantes remotos provoquen una denegación de servicio (escritura fuera de límites) o que, probablemente, causen otro impacto no especificado aprovechando operaciones en base64 incorrectas. An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. • http://www.debian.org/security/2017/dsa-3831 http://www.debian.org/security/2017/dsa-3872 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/98050 http://www.securitytracker.com/id/1038320 https://access.redhat.com/errata/RHSA-2017:1100 https://access.redhat.com/errata/RHSA-2017:1101 https://access.redhat.com/errata/RHSA-2017:1102 https://access. • CWE-787: Out-of-bounds Write •

CVSS: 9.3EPSS: 1%CPEs: 15EXPL: 0

CVE-2016-2834 – nss: Multiple security flaws (MFSA 2016-61)

https://notcve.org/view.php?id=CVE-2016-2834

Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. Mozilla Network Security Services (NSS) en versiones anteriores a3.23, tal como se utiliza en Mozilla Firefox en versiones anteriores a 47.0, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the application. • http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html http://rhn.redhat.com/errata/RHSA-2016-2779.html http://www.debian.org/security/2016/dsa-3688 http://www.mozilla.org/security/announce/2016/mfsa2016-61.html http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.oracle.com/technetwork/secur •