Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DLA-23-1:9724D
HistoryJul 31, 2014 - 11:23 a.m.

[DLA 23-1] nss security update

2014-07-3111:23:33
lists.debian.org
8

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

52.3%

JSON

Package : nss
Version : 3.12.8-1+squeeze8
CVE ID : CVE-2013-1741 CVE-2013-5606 CVE-2014-1491 CVE-2014-1492

CVE-2013-1741

Runaway memset in certificate parsing on 64-bit computers leading to
a crash by attempting to write 4Gb of nulls.

CVE-2013-5606

Certificate validation with the verifylog mode did not return
validation errors, but instead expected applications to determine
the status by looking at the log.

CVE-2014-1491

Ticket handling protection mechanisms bypass due to the lack of
restriction of public values in Diffie-Hellman key exchanges.

CVE-2014-1492

Incorrect IDNA domain name matching for wildcard certificates could
allow specially-crafted invalid certificates to be considered as
valid.

Attachment:
signature.asc
Description: This is a digitally signed message part.

OSVersionArchitecturePackageVersionFilename
Debian7ia64libnss3-dbg< 2:3.14.5-1+deb7u1libnss3-dbg_2:3.14.5-1+deb7u1_ia64.deb
Debian7powerpclibnss3-tools< 2:3.14.5-1+deb7u1libnss3-tools_2:3.14.5-1+deb7u1_powerpc.deb
Debian7i386libnss3-tools< 2:3.14.5-1+deb7u1libnss3-tools_2:3.14.5-1+deb7u1_i386.deb
Debian7armellibnss3-dbg< 2:3.14.5-1+deb7u1libnss3-dbg_2:3.14.5-1+deb7u1_armel.deb
Debian7kfreebsd-amd64libnss3< 2:3.14.5-1+deb7u1libnss3_2:3.14.5-1+deb7u1_kfreebsd-amd64.deb
Debian7powerpclibnss3-dbg< 2:3.14.5-1+deb7u1libnss3-dbg_2:3.14.5-1+deb7u1_powerpc.deb
Debian6i386libnss3-tools< 3.12.8-1+squeeze8libnss3-tools_3.12.8-1+squeeze8_i386.deb
Debian7sparclibnss3-dbg< 2:3.14.5-1+deb7u1libnss3-dbg_2:3.14.5-1+deb7u1_sparc.deb
Debian7ia64libnss3-1d< 2:3.14.5-1+deb7u1libnss3-1d_2:3.14.5-1+deb7u1_ia64.deb
Debian7ia64libnss3-dev< 2:3.14.5-1+deb7u1libnss3-dev_2:3.14.5-1+deb7u1_ia64.deb
Rows per page:
1-10 of 751

Related

openvas 79
debian 1
osv 2
nessus 38
fedora 30
ubuntu 2
suse 1
oraclelinux 6
securityvulns 2
mozilla 2
cve 4
debiancve 4
prion 4
ubuntucve 4
redhat 4
centos 3
mageia 1
slackware 1
seebug 1
veracode 4
intothesymmetry 1
amazon 1
ibm 3
f5 1
openvas
openvas
Debian Security Advisory DSA 2994-1 (nss - security update)
2014-07-31 00:00:00
Debian: Security Advisory (DLA-23-1)
2023-03-08 00:00:00
Debian: Security Advisory (DSA-2994-1)
2014-07-30 00:00:00
debian
debian
[SECURITY] [DSA 2994-1] nss security update
2014-07-31 11:51:32
osv
osv
nss - security update
2014-07-31 00:00:00
nss - security update
2014-07-31 00:00:00
nessus
nessus
Debian DLA-23-1 : nss security update
2015-03-26 00:00:00
Debian DSA-2994-1 : nss - security update
2014-08-01 00:00:00
Oracle iPlanet Web Server 7.0.x < 7.0.20 Multiple Vulnerabilities
2014-07-18 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: nss-3.15.3.1-1.fc19
2014-01-05 12:35:19
[SECURITY] Fedora 19 Update: nss-softokn-3.15.3-1.fc19
2013-12-15 03:36:48
[SECURITY] Fedora 20 Update: nss-3.15.3-2.fc20
2013-12-14 02:52:25
ubuntu
ubuntu
NSS vulnerabilities
2013-11-18 00:00:00
NSS vulnerability
2014-04-02 00:00:00
suse
suse
Security update for mozilla-nspr, mozilla-nss (important)
2013-12-02 20:04:14
oraclelinux
oraclelinux
nss, nspr, and nss-util security update
2013-12-12 00:00:00
nss and nspr security, bug fix, and enhancement update
2013-12-05 00:00:00
nss, nss-util, and nss-softokn security, bug fix, and enhancement update
2014-12-02 00:00:00
securityvulns
securityvulns
Mozilla nss security vulnerabilities
2013-11-26 00:00:00
[ MDVSA-2014:066 ] nss
2014-03-24 00:00:00
mozilla
mozilla
Miscellaneous Network Security Services (NSS) vulnerabilities — Mozilla
2013-11-15 00:00:00
Incorrect IDNA domain name matching for wildcard certificates — Mozilla
2014-04-29 00:00:00
cve
cve
CVE-2013-5606
2013-11-18 05:23:00
CVE-2014-1491
2014-02-06 05:44:00
CVE-2014-1492
2014-03-25 13:25:00
debiancve
debiancve
CVE-2013-5606
2013-11-18 05:23:00
CVE-2014-1492
2014-03-25 13:25:00
CVE-2014-1491
2014-02-06 05:44:00
prion
prion
Design/Logic Flaw
2013-11-18 05:23:00
Integer overflow
2013-11-18 05:23:00
Design/Logic Flaw
2014-03-25 13:25:00
ubuntucve
ubuntucve
CVE-2013-5606
2013-11-14 00:00:00
CVE-2013-1741
2013-11-14 00:00:00
CVE-2014-1491
2014-02-05 00:00:00
redhat
redhat
(RHSA-2014:1246) Moderate: nss and nspr security, bug fix, and enhancement update
2014-09-16 00:00:00
(RHSA-2014:1073) Low: nss, nss-util, nss-softokn security, bug fix, and enhancement update
2014-08-18 00:00:00
(RHSA-2013:1791) Important: nss and nspr security, bug fix, and enhancement update
2013-12-05 00:00:00
centos
centos
nss security update
2014-09-30 11:21:57
nss security update
2014-08-18 21:47:41
nspr, nss security update
2013-12-05 17:45:58
mageia
mageia
Updated firefox, rootcerts, nspr & nss packages fix security vulnerabilities
2013-11-21 00:54:49
slackware
slackware
[slackware-security] mozilla-nss
2014-03-28 22:54:39
seebug
seebug
Mozilla Network Security Services 'p12creat.c'内存破坏漏洞
2014-03-25 00:00:00
veracode
veracode
Man-in-the-Middle Attack
2019-05-02 05:03:48
Denial Of Service (DoS)
2019-05-02 05:00:22
Denial Of Service (DoS)
2019-05-02 05:00:20
intothesymmetry
intothesymmetry
Small subgroup attack in Mozilla NSS
2015-12-22 13:29:00
amazon
amazon
Important: nspr
2013-12-17 21:31:00
ibm
ibm
Security Bulletin: Vulnerabilities in Network Security Services (NSS) and Netscape Portable Runtime (NSPR) affect IBM SAN Volume Controller and Storwize Family (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545)
2022-08-20 00:54:31
Security Bulletin: Vulnerabilities in Network Security Services (NSS) and Netscape Portable Runtime (NSPR) affect IBM SAN Volume Controller and Storwize Family (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545)
2023-03-29 01:48:02
Security Bulletin: Six (6) Vulnerabilities in Network Security Services (NSS) & Netscape Portable Runtime (NSPR) affect IBM FlashSystem 840 and V840 (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545)
2023-02-18 01:45:50
f5
f5
SOL16716 - Multiple Mozilla NSS vulnerabilities
2015-06-05 00:00:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

52.3%

JSON
Related for DEBIAN:DLA-23-1:9724D
openvas79debian1osv2nessus38fedora30ubuntu2suse1oraclelinux6securityvulns2mozilla2cve4debiancve4prion4ubuntucve4redhat4centos3mageia1slackware1seebug1veracode4intothesymmetry1amazon1ibm3f51