
14 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 2 views

Astra Linux - vulnerability in nss

A flaw was discovered in the implementation of CHACHA20-POLY1305 in NSS versions prior to 3.55. When using multi-part Chacha20, it could lead to out-of-bounds reads. This issue was addressed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and enforcing strict tag...

9.1 CVSS | 7.1 AI score | 0.0072 EPSS
Exploits 0 | References 1
Snyk
added 2026/05/18 5:24 p.m. | 4 views

Improper Authentication

Overview: Affected versions of this package are vulnerable to Improper Authentication in the signing and verification logic before applying JWT.decode. An attacker can forge valid JWTs by supplying a crafted token that passes signature verification due to the acceptance of empty keys. Note: This i...

8.2 CVSS | 5.8 AI score
Exploits 0 | References 3
Tenable Nessus
added 2026/05/11 12:0 a.m. | 3 views

Unity Linux 20.1060e / 20.1070e Security Update: nss (UTSA-2026-017618)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017618 advisory. A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. Thi...

9.1 CVSS | 7 AI score | 0.0072 EPSS
Exploits 0 | References 4
Veracode
added 2026/04/30 4:17 p.m. | 5 views

Improper Resource Consumption

Axios is vulnerable to Improper Resource Consumption. The vulnerability is due to lack of enforcement of maxContentLength when using responseType 'stream', which allows an attacker to send large responses leading to unbounded resource consumption...

5.3 CVSS | 5.8 AI score | 0.00031 EPSS
Exploits 1 | References 3 | Affected Software 1
Positive Technologies
added 2026/04/28 12:0 a.m. | 1 views

PT-2026-35713

Name of the Vulnerable Software and Affected Versions: glibc versions 2.2 and newer. Description: The deprecated functions ns printrrf, ns printrr, and fp nquery fail to enforce the caller-supplied buffer length. This can lead to an out-of-bounds write, which occurs when data is written outside the...

7.3 CVSS | 5.9 AI score | 0.00049 EPSS
Exploits 0 | References 6
RedHat Linux
added 2025/07/01 4:53 p.m. | 6 views

spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...

7.4 CVSS | 7.1 AI score | 0.00065 EPSS
Exploits 0 | References 5
RedHat Linux
added 2025/07/01 4:36 p.m. | 3 views

spring-security-core: Spring Security BCryptPasswordEncoder does not enforce maximum password length

A flaw was found in the spring-security-core password encoder. This vulnerability allows incorrect password matching via input manipulation...

7.4 CVSS | 7.1 AI score | 0.00065 EPSS
Exploits 0 | References 5
Microsoft CVE
added 2021/06/10 7:0 a.m. | 1 views

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20 it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.

...

9.1 CVSS | 7 AI score | 0.0072 EPSS
Exploits 0
OSV
added 2021/05/27 7:15 p.m. | 1 views

ALPINE-CVE-2020-12403

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and strictly enforcing tag length...

9.1 CVSS | 8.5 AI score | 0.0072 EPSS
Exploits 0 | References 1
OSV
added 2021/05/27 7:15 p.m. | 0 views

DEBIAN-CVE-2020-12403

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and strictly enforcing tag length...

9.1 CVSS | 7.3 AI score | 0.0072 EPSS
Exploits 0 | References 1
OSV
added 2021/04/07 11:2 a.m. | 1 views

OESA-2021-1116 nss security update

Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

9.1 CVSS | 8.4 AI score | 0.0072 EPSS
Exploits 0 | References 3
RedHat Linux
added 2021/02/16 2:33 p.m. | 0 views

nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and strictly enforcing tag length. The highest threat from...

9.1 CVSS | 7.1 AI score | 0.0072 EPSS
Exploits 0 | References 5
RedHat Linux
added 2020/09/29 10:31 p.m. | 2 views

nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 which was not functioning correctly and strictly enforcing tag length. The highest threat from...

9.1 CVSS | 7.1 AI score | 0.0072 EPSS
Exploits 0 | References 5
CVE
added 2004/03/18 5:0 a.m. | 40 views

CVE-2004-0350

The CVE-2004-0350 entry affects the SpiderSales shopping cart, which does not enforce a minimum length for the private key. This weakens key material quality and can let local users obtain the private key by factoring, with an in‑the‑wild risk limited by local access and a low base score (2.1). T...

2.1 CVSS | 6.6 AI score | 0.00111 EPSS
Exploits 1 | References 5 | Affected Software 1