CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 1CVE-2019-17007 – nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS
https://notcve.org/view.php?id=CVE-2019-17007
09 Dec 2019 — In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service. En Network Security Services versiones anteriores a 3.44, una Secuencia de Certificados Netscape malformado puede causar que NSS se bloquee, resultando en una denegación de servicio Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-softokn package provides the ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1533216 • CWE-295: Improper Certificate Validation CWE-476: NULL Pointer Dereference •
CVSS: 8.8EPSS: 0%CPEs: 25EXPL: 0CVE-2019-11745 – nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate
https://notcve.org/view.php?id=CVE-2019-11745
28 Nov 2019 — When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. Al encriptar con un cifrado de bloque, si se realizó una llamada a NSC_EncryptUpdate con datos más pequeños que el tamaño del bloque, podría producirse una pequeña escritura fuera de límites. Es... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00000.html • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 49EXPL: 0CVE-2019-12262
https://notcve.org/view.php?id=CVE-2019-12262
14 Aug 2019 — Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and 7 has Incorrect Access Control in the RARP client component. IPNET security vulnerability: Handling of unsolicited Reverse ARP replies (Logical Flaw). Wind River VxWorks versiones 6.6, 6.7, 6.8, 6.9 y 7, presenta un Control de Acceso Incorrecto en el componente cliente RARP. Vulnerabilidad de seguridad IPNET: Manejo de respuestas Reverse ARP no solicitadas (Fallo Lógico). • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf •
CVSS: 9.8EPSS: 13%CPEs: 72EXPL: 0CVE-2019-12261
https://notcve.org/view.php?id=CVE-2019-12261
09 Aug 2019 — Wind River VxWorks 6.7 though 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host. Wind River VxWorks versiones 6.7 hasta 6.9 y vx7, presenta un Desbordamiento de Búfer en el componente TCP (problema 3 de 4). Se trata de una vulnerabilidad de seguridad de IPNET: Confusión de estado de TCP Urgent Pointer durante la función connect() a un host remoto. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 21%CPEs: 72EXPL: 0CVE-2019-12260
https://notcve.org/view.php?id=CVE-2019-12260
09 Aug 2019 — Wind River VxWorks 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 2 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion caused by a malformed TCP AO option. Wind River VxWorks versiones 6.9 y vx7, presenta un Desbordamiento de Búfer en el componente TCP (problema 2 de 4). Se trata de una vulnerabilidad de seguridad de IPNET: Confusión de estado de TCP Urgent Pointer causada por una opción AO de TCP malformada. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 11%CPEs: 71EXPL: 1CVE-2019-12258 – URGENT/11 Scanner, Based on Detection Tool by Armis
https://notcve.org/view.php?id=CVE-2019-12258
09 Aug 2019 — Wind River VxWorks 6.6 through vx7 has Session Fixation in the TCP component. This is a IPNET security vulnerability: DoS of TCP connection via malformed TCP options. Wind River VxWorks versiones 6.6 hasta vx7, presenta una Fijación de Sesión en el componente TCP. Se trata de una vulnerabilidad de seguridad de IPNET: DoS de la conexión TCP por medio de opciones TCP malformadas. • https://packetstorm.news/files/id/180933 • CWE-384: Session Fixation •
CVSS: 9.8EPSS: 76%CPEs: 72EXPL: 4CVE-2019-12255 – VxWorks 6.8 - TCP Urgent Pointer = 0 Integer Underflow
https://notcve.org/view.php?id=CVE-2019-12255
09 Aug 2019 — Wind River VxWorks has a Buffer Overflow in the TCP component (issue 1 of 4). This is a IPNET security vulnerability: TCP Urgent Pointer = 0 that leads to an integer underflow. Wind River VxWorks presenta un desbordamiento de búfer en el componente TCP (problema 1 de 4). Esta es una vulnerabilidad de seguridad de IPNET: TCP Urgent Pointer = 0 que conduce a un desbordamiento de enteros. VxWorks version 6.8 suffers from an integer underflow vulnerability. • https://packetstorm.news/files/id/154022 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.3EPSS: 4%CPEs: 73EXPL: 0CVE-2019-12265
https://notcve.org/view.php?id=CVE-2019-12265
09 Aug 2019 — Wind River VxWorks 6.5, 6.6, 6.7, 6.8, 6.9.3 and 6.9.4 has a Memory Leak in the IGMPv3 client component. There is an IPNET security vulnerability: IGMP Information leak via IGMPv3 specific membership report. Wind River VxWorks versiones 6.5, 6.6, 6.7, 6.8, 6.9.3 y 6.9.4, presenta una Pérdida de Memoria en el componente cliente IGMPv3. Se presenta una vulnerabilidad de seguridad de IPNET: Un filtrado de información de IGMP por medio de un reporte de membresía específico de IGMPv3. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 8.1EPSS: 1%CPEs: 71EXPL: 0CVE-2019-12263
https://notcve.org/view.php?id=CVE-2019-12263
09 Aug 2019 — Wind River VxWorks 6.9.4 and vx7 has a Buffer Overflow in the TCP component (issue 4 of 4). There is an IPNET security vulnerability: TCP Urgent Pointer state confusion due to race condition. Wind River VxWorks versiones 6.9.4 y vx7, presenta un Desbordamiento de Búfer en el componente TCP (problema 4 de 4). Se presenta una vulnerabilidad de seguridad de IPNET: Confusión de estado de TCP Urgent Pointer debido a una condición de carrera. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 9%CPEs: 74EXPL: 0CVE-2019-12259
https://notcve.org/view.php?id=CVE-2019-12259
09 Aug 2019 — Wind River VxWorks 6.6, 6.7, 6.8, 6.9 and vx7 has an array index error in the IGMPv3 client component. There is an IPNET security vulnerability: DoS via NULL dereference in IGMP parsing. Wind River VxWorks versiones 6.6, 6.7 , 6.8, 6.9 y vx7, presenta un error de índice de matriz en el componente cliente IGMPv3. Se presenta una vulnerabilidad de seguridad de IPNET: DoS por medio de una desreferencia de NULL en el análisis IGMP. • https://cert-portal.siemens.com/productcert/pdf/ssa-189842.pdf • CWE-476: NULL Pointer Dereference •