Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks.
VPR Score: 5.9
Synopsis
The remote Scientific Linux host is missing one or more security updates.
Description
Security Fix(es):
- nss: Out-of-bounds read when importing curve25519 private key (CVE-2019-11719)
- nss: Use-after-free in sftk_FreeSession due to improper refcounting (CVE-2019-11756)
- nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)
- nss: Side channel attack on ECDSA signature generation (CVE-2020-6829)
- nss: P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function (CVE-2020-12400)
- nss: ECDSA timing attack mitigation bypass (CVE-2020-12401)
- nss: Side channel vulnerabilities during RSA key generation (CVE-2020-12402)
- nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read (CVE-2020-12403)
- nss: PKCS#1 v1.5 signatures can be used for TLS 1.3 (CVE-2019-11727)
- nss: TLS 1.3 HelloRetryRequest downgrade request sets client into invalid state (CVE-2019-17023)
Solution
Update the affected packages.