According to its self-reported version number, the remote Junos Space version is 18.4.x prior to 18.4R1. It is, therefore, affected by multiple vulnerabilities : 

  - An integer overflow issue exists in procps-ng. This is     related to CVE-2018-1124. (CVE-2018-1126)

  - A directory traversal issue exits in reposync, a part     of yum-utils.tory configuration files. If an attacker     controls a repository, they may be able to copy files     outside of the destination directory on the targeted     system via path traversal. (CVE-2018-10897)

  - An integer overflow flaw was found in the Linux     kernel's create_elf_tables() function. An unprivileged     local user with access to SUID binary could use this     flaw to escalate their privileges on the system.
    (CVE-2018-14634)

Additionally, Junos Space is affected by several other vulnerabilities exist as noted in the vendor advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Keegan Ryan discovered that NSS incorrectly handled ECDSA key generation. A local attacker could possibly use this issue to perform a cache-timing attack and recover private ECDSA keys. (CVE-2018-0495)

It was discovered that NSS incorrectly handled certain v2-compatible ClientHello messages. A remote attacker could possibly use this issue to perform a replay attack. (CVE-2018-12384)

It was discovered that NSS incorrectly handled certain padding oracles. A remote attacker could possibly use this issue to perform a variant of the Bleichenbacher attack. (CVE-2018-12404).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Updates the nss family of packages to upstream NSPR 4.20 and NSS 3.39.

For details about new functionality and a list of bugs fixed in this release please see the upstream release notes

https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.39
_release_notes

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for MozillaFirefox, mozilla-nss and mozilla-nspr fixes the following issues :

Issues fixed in MozillaFirefox :

Update to Firefox ESR 60.4 (bsc#1119105)

CVE-2018-17466: Fixed a buffer overflow and out-of-bounds read in ANGLE library with TextureStorage11

CVE-2018-18492: Fixed a use-after-free with select element

CVE-2018-18493: Fixed a buffer overflow in accelerated 2D canvas with Skia

CVE-2018-18494: Fixed a Same-origin policy violation using location attribute and performance.getEntries to steal cross-origin URLs

CVE-2018-18498: Fixed a integer overflow when calculating buffer sizes for images

CVE-2018-12405: Fixed a few memory safety bugs

Issues fixed in mozilla-nss: Update to NSS 3.40.1 (bsc#1119105)

CVE-2018-12404: Fixed a cache side-channel variant of the Bleichenbacher attack (bsc#1119069)

CVE-2018-12384: Fixed an issue in the SSL handshake. NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. (bsc#1106873)

CVE-2018-0495: Fixed a memory-cache side-channel attack with ECDSA signatures (bsc#1097410)

Fixed a decryption failure during FFDHE key exchange

Various security fixes in the ASN.1 code

Issues fixed in mozilla-nspr: Update mozilla-nspr to 4.20 (bsc#1119105)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update for mozilla-nss and mozilla-nspr fixes the following issues :

Issues fixed in mozilla-nss :

  - Update to NSS 3.40.1 (bsc#1119105)

  - CVE-2018-12404: Fixed a cache side-channel variant of     the Bleichenbacher attack (bsc#1119069)

  - CVE-2018-12384: Fixed an issue in the SSL handshake. NSS     responded to an SSLv2-compatible ClientHello with a     ServerHello that had an all-zero random. (bsc#1106873)

  - CVE-2018-0495: Fixed a memory-cache side-channel attack     with ECDSA signatures (bsc#1097410)

  - Fixed a decryption failure during FFDHE key exchange

  - Various security fixes in the ASN.1 code

Issues fixed in mozilla-nspr :

  - Update mozilla-nspr to 4.20 (bsc#1119105)

This update was imported from the SUSE:SLE-15:Update update project.

This update for mozilla-nss to version 3.36.6 fixes the following issues :

Security issues fixed :

  - CVE-2018-12384: NSS responded to an SSLv2-compatible     ClientHello with a ServerHello that had an all-zero     random (bmo#1483128, boo#1106873)

  - CVE-2018-12404: Cache side-channel variant of the     Bleichenbacher attack (bmo#1485864, boo#1119069)

An update for nss is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Security Fix(es) :

* nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting this issue.

Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - ServerHello.random is all zeros when handling a     v2-compatible ClientHello (CVE-2018-12384)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack.(CVE-2018-12384)

Security Fix(es) :

  - nss: ServerHello.random is all zeros when handling a     v2-compatible ClientHello (CVE-2018-12384)

The remote OracleVM system is missing necessary patches to address critical security updates :

  - Added nss-vendor.patch to change vendor

  - Temporarily disable some tests until expired     PayPalEE.cert is renewed

  - Backport upstream fix for (CVE-2018-12384)

  - Remove nss-lockcert-api-change.patch, which turned out     to be a mistake (the symbol was not exported from     libnss)

  - Restore CERT_LockCertTrust and CERT_UnlockCertTrust back     in cert.h

  - rebuild

  - Keep legacy code signing trust flags for backwards     compatibility

  - Decrease the iteration count of PKCS#12 for     compatibility with Windows

  - Fix deadlock when a token is re-inserted while a client     process is running

  - Ignore tests which only works with newer nss-softokn

  - Use the correct tarball of NSS 3.36 release

  - Ignore EncryptDeriveTest which only works with newer     nss-softokn

  - Don't skip non-FIPS and ECC test cases in ssl.sh

  - Rebase to NSS 3.36.0

  - Rebase to NSS 3.36.0 BETA

  - Remove upstreamed nss-is-token-present-race.patch

  - Revert the upstream changes that default to sql database

  - Replace race.patch and nss-3.16-token-init-race.patch     with a proper upstream fix

  - Don't restrict nss_cycles to sharedb

  - Rebase to NSS 3.34.0

An update for nss is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Security Fix(es) :

* nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting this issue.

From Red Hat Security Advisory 2018:2898 :

An update for nss is now available for Red Hat Enterprise Linux 6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Security Fix(es) :

* nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting this issue.

An update for nss is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Security Fix(es) :

* nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting this issue.

From Red Hat Security Advisory 2018:2768 :

An update for nss is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications.

Security Fix(es) :

* nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello (CVE-2018-12384)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank the Mozilla project for reporting this issue.

CVE-2018-12384 is not available