49 results (0.017 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash. Una vulnerabilidad encontrada en nss. Por esta vulnerabilidad de seguridad, el cliente nss es bloqueado sin un certificado de usuario en la base de datos y esto puede conllevar a un fallo de segmentación o un bloqueo • https://bugzilla.mozilla.org/show_bug.cgi?id=1774654 https://bugzilla.redhat.com/show_bug.cgi?id=2134331 https://security.gentoo.org/glsa/202212-05 •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58. Se encontró un fallo en la manera en que NSS manejaba los mensajes CCS (ChangeCipherSpec) en TLS versión 1.3. • https://bugzilla.redhat.com/show_bug.cgi?id=1887319 https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E https://lists.debian.org/debian-lts-announce/2023/10/msg00039.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERA5SVJQXQMDGES7RIT4F4NQVLD35RXN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproje • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 10.0EPSS: 0%CPEs: 21EXPL: 1

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. En Network Security Services (NSS) versiones anteriores a 3.46, varias primitivas criptográficas presentaban una falta de comprobación de longitud. En los casos en que la aplicación que llama a la biblioteca no llevó a cabo una comprobación de saneo en las entradas, lo que podría resultar en un bloqueo debido a un desbordamiento del búfer A vulnerability was discovered in nss where input text length was not checked when using certain cryptographic primitives. This could lead to a heap-buffer overflow resulting in a crash and data leak. • https://bugzilla.mozilla.org/show_bug.cgi?id=1539788 https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_notes https://security.netapp.com/advisory/ntap-20210129-0001 https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04 https://access.redhat.com/security/cve/CVE-2019-17006 https://bugzilla.redhat.com/show_bug.cgi?id=1775916 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 1

In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service. En Network Security Services versiones anteriores a 3.44, una Secuencia de Certificados Netscape malformado puede causar que NSS se bloquee, resultando en una denegación de servicio • https://bugzilla.mozilla.org/show_bug.cgi?id=1533216 https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.44_release_notes https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04 https://access.redhat.com/security/cve/CVE-2019-17007 https://bugzilla.redhat.com/show_bug.cgi?id=1703979 • CWE-295: Improper Certificate Validation CWE-476: NULL Pointer Dereference •

CVSS: 6.5EPSS: 0%CPEs: 18EXPL: 0

In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service. En Network Security Services (NSS) versiones anteriores a 3.36.7 y versiones anteriores a 3.41.1, una firma malformada puede causar un bloqueo debido a una desreferencia de null, resultando en una Denegación de Servicio • https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdf https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.36.7_release_notes https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.41.1_release_notes https://us-cert.cisa.gov/ics/advisories/icsa-21-040-04 https://access.redhat.com/security/cve/CVE-2018-18508 https://bugzilla.redhat.com/show_bug.cgi?id=1671310 • CWE-476: NULL Pointer Dereference •