9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%
Several vulnerabilities were discovered in NSS, the cryptography
library developed by the Mozilla project.
In addition, the NSS library did not ignore environment variables in
processes which underwent a SUID/SGID/AT_SECURE transition at process
start. In certain system configurations, this allowed local users to
escalate their privileges.
This update contains further correctness and stability fixes without
immediate security impact.
For the stable distribution (jessie), these problems have been fixed in
version 2:3.26-1+debu8u1.
For the unstable distribution (sid), these problems have been fixed in
version 2:3.23-1.
We recommend that you upgrade your nss packages.
CPE | Name | Operator | Version |
---|---|---|---|
nss | eq | 2:3.17.2-1.1 | |
nss | eq | 2:3.17.2-1.1+deb8u1 | |
nss | eq | 2:3.17.2-1.1+deb8u2 | |
nss | eq | 2:3.17.2-1.1+x32 | |
nss | eq | 2:3.17.4-1 | |
nss | eq | 2:3.18-1 | |
nss | eq | 2:3.19-1 | |
nss | eq | 2:3.19.1-1 | |
nss | eq | 2:3.19.1-2 | |
nss | eq | 2:3.19.2-1 |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.975 High
EPSS
Percentile
100.0%