CVSS: 9.8EPSS: 23%CPEs: 17EXPL: 0CVE-2015-7182 – nss: ASN.1 decoder heap overflow when decoding constructed OCTET STRING that mixes indefinite and definite length encodings (MFSA 2015-133)
https://notcve.org/view.php?id=CVE-2015-7182
04 Nov 2015 — Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. Desbordamiento de buffer basado en memoria dinámica en el decodificador ASN.1 en Mozilla Network Security Services (NSS) en versiones anteriores a 3.19.2.1 ... • http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 25EXPL: 0CVE-2013-1620 – nss: TLS CBC padding timing attack
https://notcve.org/view.php?id=CVE-2013-1620
08 Feb 2013 — The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169. La implementación en Mozilla Network Security Services (NSS) de TLS no tiene debidamente en cuenta tiempos de canal... • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 • CWE-203: Observable Discrepancy •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2012-0079 – OpenSSO: Unspecified vulnerability allows remote attackers to affect integrity via unknown vectors
https://notcve.org/view.php?id=CVE-2012-0079
18 Jan 2012 — Unspecified vulnerability in Oracle OpenSSO 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Administration. Vulnerabilidad no especificada en Oracle OpenSSO v7.1 y v8.0 permite a atacantes remotos afectar a la integridad a través de vectores desconocidos relacionados con la Administración. • http://osvdb.org/78412 •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2010-4444
https://notcve.org/view.php?id=CVE-2010-4444
19 Jan 2011 — Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en Oracle Sun Java System Access Manager y Oracle OpenSSO v7, v7.1 y v8 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. • http://osvdb.org/70579 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2009-3762
https://notcve.org/view.php?id=CVE-2009-3762
13 Jul 2010 — Unspecified vulnerability in Oracle OpenSSO Enterprise 8.0 allows remote attackers to affect integrity via unknown vectors. Vulnerabilidad sin especificar en Oracle OpenSSO Enterprise v8.0, permite a atacantes remotos comprometer la integridad a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2009-3763
https://notcve.org/view.php?id=CVE-2009-3763
13 Jul 2010 — Unspecified vulnerability in the Access Manager / OpenSSO component in Oracle OpenSSO Enterprise 7.1, 7, 2005Q4, and 8.0 allows remote attackers to affect integrity via unknown vectors. Vulnerabilidad no especificada en el componente Access Manager / OpenSSO de Oracle OpenSSO Enterprise v7.1, v7, v2005Q4, y v8.0, permite a atacantes remotos afectar la integridad a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2009-3764
https://notcve.org/view.php?id=CVE-2009-3764
13 Jul 2010 — Unspecified vulnerability in the OpenSSO component in Oracle OpenSSO Enterprise 8.0 allows remote attackers to affect integrity via unknown vectors. Vulnerabilidad sin especificar en el componente OpenSSO en Oracle OpenSSO Enterprise v8.0, permite a atacantes remotos comprometer la integridad a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2010-0894
https://notcve.org/view.php?id=CVE-2010-0894
13 Apr 2010 — Unspecified vulnerability in the Sun Java System Access Manager component in Oracle Sun Product Suite 7.1, 7 2005Q4, and OpenSSO Enterprise 8.0 allows remote attackers to affect confidentiality and integrity via unknown vectors. Vulnerabilidad no especificada en el componente Sun Java System Access Manager en Oracle Sun Product Suite v7.1, 7 2005Q4, y OpenSSO Enterprise v8.0 allows a atacantes afectar la confidencialidad e integridad a través de vectores desconocidos. • http://secunia.com/advisories/39431 •