ROS-20240717-05

A vulnerability in the implementation of PKCS1 v1.5, OAEP, and RSASVP standards in the NSS Network Security Services library set is associated with insufficient protection of service data due to time discrepancy. Exploitation of the vulnerability allows an attacker acting remotely to implement th...

Debian dla-3757 : libnss3 - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3757 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3757-1 [email protected]...

RHEL 8 : nss (RHSA-2024:0093)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0093 advisory. Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server...

Amazon Linux 2023 : nspr, nspr-devel, nss (ALAS2023-2024-492)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-492 advisory. It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a...

Medium: nss-softokn

Issue Overview: It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the...

CVE-2023-5388

It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens...