CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.005 Low
Percentile: 76.9%
Software: nss 3.53.1
OS: ROSA Virtualization 2.1
package_evr_string: nss-3.53.1-17.rv3.1c.src.rpm
CVE-ID: CVE-2020-12403
BDU-ID: None
CVE-Crit: CRITICAL
CVE-DESC.: A flaw was found in the way CHACHA20-POLY1305 is implemented in NSS in versions prior to 3.55. Using multi-part Chacha20 could result in out-of-bounds reads. The issue was fixed by explicitly disabling multi-part ChaCha20 (which did not work properly) and strictly enforcing the tag length. The biggest threat from this vulnerability is to system privacy and availability.
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: yum update nss
CVE-ID: CVE-2020-12400
BDU-ID: 2020-03960
CVE-Crit: MEDIUM
CVE-DESC.: Vulnerability in the modular inversion feature of the NSS (Network Security Services) library set, allowing an attacker to gain unauthorized access to protected information
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: yum update nss
CVE-ID: CVE-2020-6829
BDU-ID: 2020-03953
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Knowledge Management component of the SAP NetWeaver software integration platform is related to a failure to neutralize script-related HTML tags on a web page. Exploitation of the vulnerability could allow a remote attacker to perform cross-site scripting attacks
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: yum update nss
CVE-ID: CVE-2021-43527
BDU-ID: 2022-00002
CVE-Crit: CRITICAL
CVE-DESC.: A vulnerability in the Amazon Linux AMI operating system NSS cryptographic library suite is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code
CVE-STATUS: Fixed
CVE-REV: To fix, run the command: yum update nss