Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatcveRedhat.comRH:CVE-2020-12401
HistoryJul 31, 2020 - 8:13 a.m.

CVE-2020-12401

2020-07-3108:13:22
redhat.com
access.redhat.com
17

0.0005 Low

EPSS

Percentile

17.0%

JSON

A flaw was found in nss. Using the EM side-channel, it is possible to extract the position of zero and non-zero wNAF digits while nss-certutil tool performs scalar multiplication during the ECDSA signature generation, leaking partial information about the ECDSA nonce. Given a small number of ECDSA signatures, this information can be used to steal the private key. The highest threat from this vulnerability is to data confidentiality.

Mitigation

This is a side channel attack which can used to exact pirate keys when ECDSA signatures are being generated. This attack is only feasible when the attacker is local to the machine or in certain cross-VM scenarios where the signature is being generated. Attacks over the network or via the internet are not feasible.

Related

cve 1
openvas 18
fedora 2
debiancve 1
alpinelinux 1
prion 1
nessus 32
nvd 1
osv 4
ubuntucve 1
cvelist 1
veracode 1
ubuntu 3
gentoo 1
f5 1
redhat 9
rocky 1
debian 2
mozilla 2
mageia 1
oraclelinux 1
amazon 2
kaspersky 1
centos 1
rosalinux 1
cve
cve
CVE-2020-12401
2020-10-08 14:15:11
openvas
openvas
Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2021-1249)
2021-02-05 00:00:00
Fedora: Security Advisory for nss (FEDORA-2020-481c7e285d)
2020-08-16 00:00:00
Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2021-1268)
2021-02-05 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: nss-3.55.0-1.fc32
2020-08-16 01:06:11
[SECURITY] Fedora 31 Update: nss-3.55.0-1.fc31
2020-08-25 01:17:14
debiancve
debiancve
CVE-2020-12401
2020-10-08 14:15:11
alpinelinux
alpinelinux
CVE-2020-12401
2020-10-08 14:15:11
prion
prion
Design/Logic Flaw
2020-10-08 14:15:00
nessus
nessus
EulerOS 2.0 SP9 : nss (EulerOS-SA-2021-1268)
2021-02-05 00:00:00
EulerOS 2.0 SP9 : nss (EulerOS-SA-2021-1249)
2021-02-05 00:00:00
EulerOS Virtualization 2.9.1 : nss (EulerOS-SA-2021-1717)
2021-04-15 00:00:00
nvd
nvd
CVE-2020-12401
2020-10-08 14:15:11
osv
osv
CVE-2020-12401
2020-10-08 14:15:11
Moderate: nss security and bug fix update
2021-02-16 07:32:47
nss - security update
2023-02-20 00:00:00
ubuntucve
ubuntucve
CVE-2020-12401
2020-08-05 00:00:00
cvelist
cvelist
CVE-2020-12401
2020-10-08 00:00:00
veracode
veracode
Information Disclosure
2020-08-06 21:32:01
ubuntu
ubuntu
NSS vulnerabilities
2020-08-10 00:00:00
Firefox vulnerabilities
2020-08-26 00:00:00
Firefox regressions
2020-09-03 00:00:00
gentoo
gentoo
Mozilla Network Security Service (NSS): Multiple vulnerabilities
2020-08-19 00:00:00
f5
f5
K61267093 : Multiple NSS vulnerabilities CVE-2020-6829, CVE-2020-12400, CVE-2020-12401, and CVE-2020-12402
2021-04-16 00:00:00
redhat
redhat
(RHSA-2021:0538) Moderate: nss security and bug fix update
2021-02-16 07:32:47
(RHSA-2020:4076) Moderate: nss and nspr security, bug fix, and enhancement update
2020-09-29 19:33:00
(RHSA-2021:0949) Low: Red Hat OpenShift Do openshift/odo-init-image 1.1.3 security update
2021-03-22 09:48:51
rocky
rocky
nss security and bug fix update
2021-02-16 07:32:47
debian
debian
[SECURITY] [DLA 3327-1] nss security update
2023-02-20 15:16:03
[SECURITY] [DLA 2388-1] nss security update
2020-09-29 19:15:28
mozilla
mozilla
Security Vulnerabilities fixed in Firefox for Android 80 — Mozilla
2020-09-02 00:00:00
Security Vulnerabilities fixed in Firefox 80 — Mozilla
2020-08-25 00:00:00
mageia
mageia
Updated firefox packages fix security vulnerability
2020-08-18 20:41:27
oraclelinux
oraclelinux
nss and nspr security, bug fix, and enhancement update
2020-10-08 00:00:00
amazon
amazon
Medium: nspr, nss-softokn, nss-util
2021-07-08 18:41:00
Medium: nspr, nss-softokn, nss-util, nss
2020-11-09 21:02:00
kaspersky
kaspersky
KLA11942 Multiple vulnerabilities in Mozilla Firefox
2020-08-25 00:00:00
centos
centos
nspr, nss security update
2020-11-06 22:01:52
rosalinux
rosalinux
Advisory ROSA-SA-2021-1835
2021-07-02 16:43:38

0.0005 Low

EPSS

Percentile

17.0%

JSON
Related for RH:CVE-2020-12401
cve1openvas18fedora2debiancve1alpinelinux1prion1nessus32nvd1osv4ubuntucve1cvelist1veracode1ubuntu3gentoo1f51redhat9rocky1debian2mozilla2mageia1oraclelinux1amazon2kaspersky1centos1rosalinux1