48 matches found
MiracleLinux 7 : nss-3.36.0-7.el7 (AXSA:2018-3341:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3341:02 advisory. nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello CVE-2018-12384 Tenable has extracted the preceding description block directly...
MiracleLinux 4 : nss-3.36.0-9.AXS4 (AXSA:2018-3352:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3352:01 advisory. nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello CVE-2018-12384 Tenable has extracted the preceding description block directly...
K41738501: Mozilla NSS vulnerability CVE-2018-12384
Security Advisory Description When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not...
Ubuntu: Security Advisory (USN-3850-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: This Power System update is being released to address CVE-2018-12384
Summary POWER9: In response to a data leak vulnerability in the network security services, a new Power Systems firmware update is being released to address Common Vulnerabilities and Exposures issue number CVE-2018-12384. This man-in-the-middle attack could provide false completion or errant...
Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2019-1169)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2018-1358)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2018-1366)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
NewStart CGSL MAIN 4.05 : nss Vulnerability (NS-SA-2019-0131)
The remote NewStart CGSL host, running version MAIN 4.05, has nss packages installed that are affected by a vulnerability: - A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this fla...
EulerOS Virtualization for ARM 64 3.0.1.0 : nss (EulerOS-SA-2019-1397)
According to the versions of the nss packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero...
CVE-2018-12384
The CVE-2018-12384 issue affects Mozilla NSS (as used by Firefox) where handling an SSLv2-compatible ClientHello uses an all-zero random value instead of a fresh one, enabling malleability and potential information leakage in TLS 1.2 on affected NSS versions prior to 3.39. The vulnerability does ...
CVE-2018-12384
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3...
openSUSE Security Update : mozilla-nss (openSUSE-2019-998)
This update for mozilla-nss to version 3.36.6 fixes the following issues : Security issues fixed : - CVE-2018-12384: NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random bmo1483128, boo1106873 - CVE-2018-12404: Cache side-channel variant of the...
openSUSE Security Update : mozilla-nspr and mozilla-nss (openSUSE-2019-1039)
This update for mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in mozilla-nss : - Update to NSS 3.40.1 bsc1119105 - CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack bsc1119069 - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS respond...
Security Bulletin: A Security Vulnerability affects IBM Cloud Private Kiali Istio addon
Summary A Security Vulnerability affects IBM Cloud Private Kiali Istio addon Vulnerability Details CVEID: CVE-2018-12384 DESCRIPTION: Mozilla Network Security Services NSS, as used in Mozilla Firefox, could allow a remote attacker to obtain sensitive information, caused by the improper handling o...
Security Bulletin: IBM MQ Appliance is affected by a Mozilla Network Security Services (NSS) vulnerability (CVE-2018-12384)
Summary IBM MQ Appliance has addressed the following Mozilla Network Security Services NSS vulnerability. Vulnerability Details CVEID: CVE-2018-12384 DESCRIPTION: Mozilla Network Security Services NSS, as used in Mozilla Firefox, could allow a remote attacker to obtain sensitive information, caus...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : NSS vulnerabilities (USN-3850-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3850-1 advisory. Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perfo...
Ubuntu: Security Advisory (USN-3850-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-3850-1: NSS vulnerabilities
Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. CVE-2018-0495 It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remo...
SUSE SLED15 / SLES15 Security Update : MozillaFirefox, mozilla-nspr / mozilla-nss (SUSE-SU-2018:4235-1)
This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues : Issues fixed in MozillaFirefox : Update to Firefox ESR 60.4 bsc1119105 CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11 CVE-2018-18492: Fixed a...