CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-3479 – Gentoo Linux Security Advisory 202212-05
https://notcve.org/view.php?id=CVE-2022-3479
14 Oct 2022 — A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash. Una vulnerabilidad encontrada en nss. Por esta vulnerabilidad de seguridad, el cliente nss es bloqueado sin un certificado de usuario en la base de datos y esto puede conllevar a un fallo de segmentación o un bloqueo It was discovered that NSS incorrectly handled client authentication without a user certificate in the database. ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1774654 •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-25648 – nss: TLS 1.3 CCS flood remote DoS Attack
https://notcve.org/view.php?id=CVE-2020-25648
20 Oct 2020 — A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58. Se encontró un fallo en la manera en que NSS manejaba los mensajes CCS (ChangeCipherSpec) en TLS versión 1.3. • https://bugzilla.redhat.com/show_bug.cgi?id=1887319 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 10.0EPSS: 0%CPEs: 21EXPL: 1CVE-2019-17006 – nss: Check length of inputs for cryptographic primitives
https://notcve.org/view.php?id=CVE-2019-17006
09 Jan 2020 — In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. En Network Security Services (NSS) versiones anteriores a 3.46, varias primitivas criptográficas presentaban una falta de comprobación de longitud. En los casos en que la aplicación que llama a la biblioteca no llevó a cabo una comprobación de saneo ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1539788 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 1CVE-2019-17007 – nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS
https://notcve.org/view.php?id=CVE-2019-17007
09 Dec 2019 — In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service. En Network Security Services versiones anteriores a 3.44, una Secuencia de Certificados Netscape malformado puede causar que NSS se bloquee, resultando en una denegación de servicio Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-softokn package provides the ... • https://bugzilla.mozilla.org/show_bug.cgi?id=1533216 • CWE-295: Improper Certificate Validation CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0CVE-2018-18508 – nss: NULL pointer dereference in several CMS functions resulting in a denial of service
https://notcve.org/view.php?id=CVE-2018-18508
27 Feb 2019 — In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service. En Network Security Services (NSS) versiones anteriores a 3.36.7 y versiones anteriores a 3.41.1, una firma malformada puede causar un bloqueo debido a una desreferencia de null, resultando en una Denegación de Servicio USN-3898-1 fixed a vulnerability in NSS. This update provides the corresponding update for Ubuntu 12.04 ESM. Hanno BAPck an... • https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 48%CPEs: 1EXPL: 0CVE-2018-12404 – nss: Cache side-channel variant of the Bleichenbacher attack
https://notcve.org/view.php?id=CVE-2018-12404
05 Dec 2018 — A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41. Un ataque de canal lateral en caché durante transacciones usando RSA podría permitir el descifrado de contenido encriptado. Esta es una variante del ataque Adaptive Chosen Ciphertext (conocido como ataque Bleichenbacher) y afecta a todas las versiones de N... • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00021.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2018-12384 – nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello
https://notcve.org/view.php?id=CVE-2018-12384
25 Sep 2018 — When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3. Cuando se maneja una petición ClientHello compatible con SSLv2, el servidor no genera un nuevo valor aleatorio, sino que envía un valor All-Zero en su lugar. Esto conlleva a una maleabilidad completa del ClientHello para SSLv2 us... • https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2018-12384 • CWE-335: Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 2CVE-2016-9574
https://notcve.org/view.php?id=CVE-2016-9574
19 Jul 2018 — nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA. nss en versiones anteriores a la 3.30 es vulnerable a una denegación de servicio (DoS) remota durante el handshake de sesión al emplear la extensión SessionTicket y ECDHE-ECDSA. • https://bugzilla.mozilla.org/show_bug.cgi?id=1320695 • CWE-325: Missing Cryptographic Step CWE-384: Session Fixation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2017-11695 – Gentoo Linux Security Advisory 202003-37
https://notcve.org/view.php?id=CVE-2017-11695
09 Aug 2017 — Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. Desbordamiento de búfer basado en memoria dinámica (heap) en la función alloc_segs en lib/dbm/src/hash.c en Mozilla Network Security Services (NSS) permite que atacantes dependientes del contexto provoquen un impacto no especificado empleando un archivo cert8.db manipulado. Multiple vulnerabilities ... • https://packetstorm.news/files/id/143735 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2017-11696 – Gentoo Linux Security Advisory 202003-37
https://notcve.org/view.php?id=CVE-2017-11696
09 Aug 2017 — Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. Desbordamiento de búfer basado en memoria dinámica (heap) en la función __hash_open en lib/dbm/src/hash.c en Mozilla Network Security Services (NSS) permite que atacantes dependientes del contexto provoquen un impacto no especificado empleando un archivo cert8.db manipulado. Multiple vulnerabilitie... • https://packetstorm.news/files/id/143735 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •