Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-2388-1:C1A90
HistorySep 29, 2020 - 7:15 p.m.

[SECURITY] [DLA 2388-1] nss security update

2020-09-2919:15:28
lists.debian.org
73

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

85.6%

JSON

Debian LTS Advisory DLA-2388-1 [email protected]
https://www.debian.org/lts/security/ Adrian Bunk
September 29, 2020 https://wiki.debian.org/LTS

Package : nss
Version : 2:3.26.2-1.1+deb9u2
CVE ID : CVE-2018-12404 CVE-2018-18508 CVE-2019-11719 CVE-2019-11729
CVE-2019-11745 CVE-2019-17006 CVE-2019-17007 CVE-2020-6829
CVE-2020-12399 CVE-2020-12400 CVE-2020-12401 CVE-2020-12402
CVE-2020-12403
Debian Bug : 921614 961752 963152

Various vulnerabilities were fixed in nss,
the Network Security Service libraries.

CVE-2018-12404

Cache side-channel variant of the Bleichenbacher attack.

CVE-2018-18508

NULL pointer dereference in several CMS functions resulting in a 
denial of service.

CVE-2019-11719

Out-of-bounds read when importing curve25519 private key.

CVE-2019-11729

Empty or malformed p256-ECDH public keys may trigger a segmentation 
fault.

CVE-2019-11745

Out-of-bounds write when encrypting with a block cipher.

CVE-2019-17006

Some cryptographic primitives did not check the length of the input 
text, potentially resulting in overflows.

CVE-2019-17007

Handling of Netscape Certificate Sequences may crash with a NULL 
dereference leading to a denial of service.

CVE-2020-12399

Force a fixed length for DSA exponentiation.

CVE-2020-6829
CVE-2020-12400

Side channel attack on ECDSA signature generation.

CVE-2020-12401

ECDSA timing attack mitigation bypass.

CVE-2020-12402

Side channel vulnerabilities during RSA key generation.

CVE-2020-12403

CHACHA20-POLY1305 decryption with undersized tag leads to 
out-of-bounds read.

For Debian 9 stretch, these problems have been fixed in version
2:3.26.2-1.1+deb9u2.

We recommend that you upgrade your nss packages.

For the detailed security status of nss please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nss

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian9alllightning-l10n-hy-am< 1:60.8.0-1~deb9u1lightning-l10n-hy-am_1:60.8.0-1~deb9u1_all.deb
Debian10alllightning-l10n-si< 1:60.8.0-1~deb10u1lightning-l10n-si_1:60.8.0-1~deb10u1_all.deb
Debian9allfirefox-esr-l10n-lt< 60.8.0esr-1~deb9u1firefox-esr-l10n-lt_60.8.0esr-1~deb9u1_all.deb
Debian9allthunderbird-l10n-ca< 1:60.8.0-1~deb9u1thunderbird-l10n-ca_1:60.8.0-1~deb9u1_all.deb
Debian9alliceweasel-l10n-ro< 1:60.8.0esr-1~deb9u1iceweasel-l10n-ro_1:60.8.0esr-1~deb9u1_all.deb
Debian10alllightning-l10n-sl< 1:60.8.0-1~deb10u1lightning-l10n-sl_1:60.8.0-1~deb10u1_all.deb
Debian9allicedove-l10n-hr< 1:60.8.0-1~deb9u1icedove-l10n-hr_1:60.8.0-1~deb9u1_all.deb
Debian9allfirefox-esr-l10n-ach< 60.8.0esr-1~deb9u1firefox-esr-l10n-ach_60.8.0esr-1~deb9u1_all.deb
Debian9alliceweasel-l10n-eu< 1:60.8.0esr-1~deb9u1iceweasel-l10n-eu_1:60.8.0esr-1~deb9u1_all.deb
Debian10mipslibnss3-dev< 2:3.42.1-1+deb10u1libnss3-dev_2:3.42.1-1+deb10u1_mips.deb
Rows per page:
1-10 of 7951

Related

openvas 45
osv 10
nessus 77
f5 1
ics 1
rocky 2
redhat 9
amazon 7
oraclelinux 5
centos 3
debian 7
ubuntu 6
almalinux 2
gentoo 1
suse 2
rosalinux 1
ibm 8
ubuntucve 3
veracode 1
mageia 1
mozilla 1
prion 2
debiancve 2
cve 1
redhatcve 1
openvas
openvas
Debian: Security Advisory (DLA-2388-1)
2020-09-30 00:00:00
Huawei EulerOS: Security Advisory for nss-softokn (EulerOS-SA-2021-1536)
2021-03-05 00:00:00
Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2021-1640)
2021-03-12 00:00:00
osv
osv
nss - security update
2020-09-29 00:00:00
Moderate: nss security and bug fix update
2021-02-16 07:32:47
nss - security update
2023-02-20 00:00:00
nessus
nessus
Debian DLA-2388-1 : nss security update
2020-09-30 00:00:00
EulerOS Virtualization for ARM 64 3.0.6.0 : nss-softokn (EulerOS-SA-2021-1536)
2021-03-04 00:00:00
Rocky Linux 8 : nss (RLSA-2021:0538)
2023-11-07 00:00:00
f5
f5
K61267093 : Multiple NSS vulnerabilities CVE-2020-6829, CVE-2020-12400, CVE-2020-12401, and CVE-2020-12402
2021-04-16 00:00:00
ics
ics
Siemens RUGGEDCOM ROX II
2021-02-09 12:00:00
rocky
rocky
nss security and bug fix update
2021-02-16 07:32:47
nss and nspr security, bug fix, and enhancement update
2020-08-03 12:45:28
redhat
redhat
(RHSA-2021:0538) Moderate: nss security and bug fix update
2021-02-16 07:32:47
(RHSA-2020:4076) Moderate: nss and nspr security, bug fix, and enhancement update
2020-09-29 19:33:00
(RHSA-2019:1951) Moderate: nss and nspr security, bug fix, and enhancement update
2019-07-30 19:33:01
amazon
amazon
Medium: nspr, nss-softokn, nss-util
2021-07-08 18:41:00
Medium: nspr, nss-softokn, nss-util, nss
2020-11-09 21:02:00
Important: nss, nss-softokn, nss-util, nspr
2020-03-16 21:29:00
oraclelinux
oraclelinux
nss and nspr security, bug fix, and enhancement update
2020-10-08 00:00:00
nss security and bug fix update
2021-02-17 00:00:00
nss and nspr security, bug fix, and enhancement update
2019-08-05 00:00:00
centos
centos
nspr, nss security update
2020-11-06 22:01:52
nss security update
2019-12-24 15:55:26
nspr, nss security update
2019-08-30 03:43:23
debian
debian
[SECURITY] [DLA 3327-1] nss security update
2023-02-20 15:16:03
[SECURITY] [DSA 4726-1] nss security update
2020-07-17 18:06:14
[SECURITY] [DLA 1704-1] nss security update
2019-03-05 03:44:43
ubuntu
ubuntu
NSS vulnerabilities
2020-08-10 00:00:00
NSS vulnerabilities
2019-07-16 00:00:00
NSS vulnerabilities
2019-07-16 00:00:00
almalinux
almalinux
Moderate: nss security and bug fix update
2021-02-16 07:32:47
Moderate: nss and nspr security, bug fix, and enhancement update
2020-08-03 12:45:28
gentoo
gentoo
Mozilla Network Security Service (NSS): Multiple vulnerabilities
2020-08-19 00:00:00
suse
suse
Security update for mozilla-nspr, mozilla-nss (moderate)
2020-01-12 00:00:00
Security update for mozilla-nspr, mozilla-nss (important)
2020-06-24 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2223
2023-08-29 12:02:20
ibm
ibm
Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities
2020-06-17 17:50:27
Security Bulletin: IBM MQ Appliance is affected by Network Security Services (NSS) vulnerabilities (CVE-2019-11729 and CVE-2019-11745)
2020-06-08 11:24:01
Security Bulletin: IBM QRadar Network Security is affected by Network Security Services (NSS) vulnerabilities (CVE-2019-11729, CVE-2019-11745)
2020-03-27 08:27:39
ubuntucve
ubuntucve
CVE-2020-6829
2020-08-05 00:00:00
CVE-2018-18508
2018-12-31 00:00:00
CVE-2019-17007
2019-11-29 00:00:00
veracode
veracode
Information Disclosure
2020-08-06 21:32:01
mageia
mageia
Updated firefox packages fix security vulnerability
2020-08-18 20:41:27
mozilla
mozilla
Security Vulnerabilities fixed in Firefox for Android 80 — Mozilla
2020-09-02 00:00:00
prion
prion
Design/Logic Flaw
2020-10-22 21:15:00
Denial of service
2020-10-22 21:15:00
debiancve
debiancve
CVE-2019-17007
2020-10-22 21:15:00
CVE-2018-18508
2020-10-22 21:15:00
cve
cve
CVE-2018-18508
2020-10-22 21:15:00
redhatcve
redhatcve
CVE-2018-18508
2020-02-16 02:05:56

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.013 Low

EPSS

Percentile

85.6%

JSON
Related for DEBIAN:DLA-2388-1:C1A90
openvas45osv10nessus77f51ics1rocky2redhat9amazon7oraclelinux5centos3debian7ubuntu6almalinux2gentoo1suse2rosalinux1ibm8ubuntucve3veracode1mageia1mozilla1prion2debiancve2cve1redhatcve1