CVSS: 9.8EPSS: 1%CPEs: 17EXPL: 0CVE-2015-7182 – nss: ASN.1 decoder heap overflow when decoding constructed OCTET STRING that mixes indefinite and definite length encodings (MFSA 2015-133)
https://notcve.org/view.php?id=CVE-2015-7182
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. Desbordamiento de buffer basado en memoria dinámica en el decodificador ASN.1 en Mozilla Network Security Services (NSS) en versiones anteriores a 3.19.2.1 y 3.20.x en versiones anteriores a 3.20.1, como se utiliza en Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4 y otros productos, permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) o posiblemente ejecutar código arbitrario a través de datos OCTET STRING manipulados. A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library. • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 5%CPEs: 11EXPL: 0CVE-2015-7183 – nspr: heap-buffer overflow in PL_ARENA_ALLOCATE (MFSA 2015-133)
https://notcve.org/view.php?id=CVE-2015-7183
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. Desbordamiento de entero en la implementación de PL_ARENA_ALLOCATE en Netscape Portable Runtime (NSPR) en Mozilla Network Security Services (NSS) en versiones anteriores a 3.19.2.1 y 3.20.x en versiones anteriores a 3.20.1, como se utiliza en Firefox en versiones anteriores a 42.0 y Firefox ESR 38.x en versiones anteriores a 38.4 y otros productos, permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria y caída de la aplicación) a través de vectores no especificados. A heap-based buffer overflow was found in NSPR. An attacker could use this flaw to cause NSPR to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSPR library. • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html http • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVSS: 5.1EPSS: 0%CPEs: 30EXPL: 1CVE-2015-2721 – NSS: incorrectly permited skipping of ServerKeyExchange (MFSA 2015-71)
https://notcve.org/view.php?id=CVE-2015-2721
Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue. Mozilla Network Security Services (NSS) anterior a 3.19, utilizado en Mozilla Firefox anterior a 39.0, Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1, Thunderbird anterior a 38.1, y otros productos, no determina correctamente las transiciones de estado para la máquina de estados TLS, lo que permite a atacantes man-in-the-middle derrotar los mecanismos de protección criptográfica mediante el bloqueo de mensajes, tal y como fue demostrado mediante la eliminación de una propiedad de confidencialidad adelantada mediante el bloqueo de un mensaje ServerKeyExchange, también conocido como un problema de 'SMACK SKIP-TLS' . It was found that NSS permitted skipping of the ServerKeyExchange packet during a handshake involving ECDHE (Elliptic Curve Diffie-Hellman key Exchange). A remote attacker could use this flaw to bypass the forward-secrecy of a TLS/SSL connection. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://rhn.redhat.com/errata/RHSA-2015-1185.html http://rhn.redhat.com/errata/RHSA-2015-1664.html http://www.debian.org&#x • CWE-310: Cryptographic Issues CWE-358: Improperly Implemented Security Check for Standard •
CVSS: 4.3EPSS: 0%CPEs: 25EXPL: 0CVE-2015-2730 – NSS: ECDSA signature validation fails to handle some signatures correctly (MFSA 2015-64)
https://notcve.org/view.php?id=CVE-2015-2730
Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors. Mozilla Network Security Services (NSS) anterior a 3.19.1, utilizado en Mozilla Firefox anterior a 39.0, Firefox ESR 31.x anterior a 31.8 y 38.x anterior a 38.1, y otros productos, no realiza correctamente las multiplicaciones Elliptical Curve Cryptography (ECC), lo que facilita a atacantes remotos falsificar firmas ECDSA a través de vectores no especificados. A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve Digital Signature Algorithm) signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks. • http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00033.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00034.html http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html http://rhn.redhat.com/errata/RHSA-2015-1664.html http://rhn.redhat.com/errata/RHSA-2015-1699.html http://www.debian.org&#x • CWE-310: Cryptographic Issues CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 4.3EPSS: 97%CPEs: 42EXPL: 0CVE-2015-4000 – LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
https://notcve.org/view.php?id=CVE-2015-4000
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. El protocolo TLS 1.2 y anteriores, cuando una suite de cifrado DHE_EXPORT está habilitada en un servidor pero no en un cliente, no transporta una elección DHE_EXPORT, lo que permite a atacantes man-in-the-middle realizar ataques de degradación del cifrado mediante la rescritura de un ClientHello con DHE remplazado por DHE_EXPORT y posteriormente la rescritura de un ServerHello con DHE_EXPORT remplazado por DHE, también conocido como el problema 'Logjam'. A flaw was found in the way the TLS protocol composes the Diffie-Hellman exchange (for both export and non-export grade cipher suites). An attacker could use this flaw to downgrade a DHE connection to use export-grade key sizes, which could then be broken by sufficient pre-computation. This can lead to a passive man-in-the-middle attack in which the attacker is able to decrypt all traffic. • http://aix.software.ibm.com/aix/efixes/security/sendmail_advisory2.asc http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04876402 http://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04949778 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10681 http://kb.juniper.net/InfoC • CWE-310: Cryptographic Issues CWE-327: Use of a Broken or Risky Cryptographic Algorithm •