Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
890
VMScore

CVE-2019-17006

Published: 22/10/2020 Updated: 21/07/2021
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

In Network Security Services (NSS) prior to 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

siemens ruggedcom rox mx5000 firmware

siemens ruggedcom rox rx1400 firmware

siemens ruggedcom rox rx1500 firmware

siemens ruggedcom rox rx1501 firmware

siemens ruggedcom rox rx1510 firmware

siemens ruggedcom rox rx1511 firmware

siemens ruggedcom rox rx1512 firmware

siemens ruggedcom rox rx5000 firmware

mozilla network security services

netapp solidfire -

netapp hci management node -

netapp hci storage node -

netapp hci compute node -

Vendor Advisories

Ubuntu Security Notice: nss vulnerability
NSS could be made to execute arbitrary code if it received a specially crafted input ...
Debian Security Advisories: DSA-4726-1 nss -- security update
Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in side channel/timing attacks or denial of service For the stable distribution (buster), these problems have been fixed in version 2:3421-1+deb10u3 We recommend that you upgrade your nss packages For the detailed security status of nss please re ...
Red Hat: Moderate: nss and nspr security, bug fix, and enhancement update
Synopsis Moderate: nss and nspr security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for nss, nss-softokn, nss-util, and nspr is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate ...
Red Hat: Moderate: nss and nspr security, bug fix, and enhancement update
Synopsis Moderate: nss and nspr security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for nss and nspr is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability ...
Red Hat: Low: OpenShift Container Platform 4.3.40 security and bug fix update
Synopsis Low: OpenShift Container Platform 4340 security and bug fix update Type/Severity Security Advisory: Low Topic An update is now available for Red Hat OpenShift Container Platform 43Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring S ...
Red Hat: Moderate: security update - Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874)
Synopsis Moderate: security update - Red Hat Ansible Tower 36 runner release (CVE-2019-18874) Type/Severity Security Advisory: Moderate Topic Red Hat Ansible Tower 36 runner release (CVE-2019-18874) Description Updated python-psutil version to 566 inside ansible-runner container(CVE-20 ...
Red Hat: Low: OpenShift Virtualization 2.4.2 Images
Synopsis Low: OpenShift Virtualization 242 Images Type/Severity Security Advisory: Low Topic Red Hat OpenShift Virtualization release 242 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security im ...
Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874)
Synopsis Moderate: security update - Red Hat Ansible Tower 37 runner release (CVE-2019-18874) Type/Severity Security Advisory: Moderate Topic Red Hat Ansible Tower 37 runner release (CVE-2019-18874) Description Updated python-psutil version to 566 inside ansible-runner container (CVE-2 ...
Amazon Linux 2: ALAS2-2020-1559
When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library This could lead to information disclosure This vulnerability affects Firefox ESR < 608, Firefox < 68, and Thunderbird < 608 (CVE-2019-11719) A vulnerability exi ...
Amazon Linux AMI: ALAS-2021-1522
When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library This could lead to information disclosure This vulnerability affects Firefox ESR < 608, Firefox < 68, and Thunderbird < 608 (CVE-2019-11719) A vulnerability exi ...

References

CWE-119CWE-20https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.46_release_noteshttps://bugzilla.mozilla.org/show_bug.cgi?id=1539788https://security.netapp.com/advisory/ntap-20210129-0001/https://cert-portal.siemens.com/productcert/pdf/ssa-379803.pdfhttps://us-cert.cisa.gov/ics/advisories/icsa-21-040-04https://nvd.nist.govhttps://usn.ubuntu.com/4231-1/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-38627CVE-2022-45803CVE-2024-38319cameratemplate injectionCVE-2024-27801CVE-2024-0762CVE-2024-5791unauthorized
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook