[414124] RSA signature malleability in NSS (CVE-2014-1568).
Thanks to Antoine Delignat-Lavaud of Prosecco/INRIA, Brian Smith
and Advanced Threat Research team at Intel Security

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchchromium< 37.0.2062.124UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	chromium	< 37.0.2062.124	UNKNOWN

References

googlechromereleases.blogspot.nl/

nessus 49

suse 6

prion 3

osv 3

openvas 49

debian 4

centos 1

mozilla 1

cert 1

fedora 9

redhat 3

archlinux 1

veracode 1

mageia 1

ubuntu 3

amazon 3

cve 3

checkpoint_advisories 1

debiancve 3

freebsd 1

ubuntucve 2

oraclelinux 2

chrome 1

redhatcve 1

alpinelinux 1

ibm 4

securityvulns 3

oracle 3

gentoo 1

nessus

Oracle Linux 5 / 6 / 7 : nss (ELSA-2014-1307)

2014-09-29 00:00:00

Mandriva Linux Security Advisory : nss (MDVSA-2014:189)

2014-09-26 00:00:00

OracleVM 3.3 : nss (OVMSA-2014-0082)

2014-12-15 00:00:00

suse

NSS update to avoid signature forgery (critical)

2014-09-28 12:04:18

Security update for mozilla-nss (important)

2014-10-01 17:04:53

Security update for mozilla-nss (important)

2014-09-27 00:04:18

prion

Design/Logic Flaw

2014-09-25 17:55:00

Design/Logic Flaw

2018-09-26 21:29:00

Code injection

2018-11-07 20:29:00

osv

nss - security update

2014-09-25 00:00:00

CVE-2018-16253

2018-11-07 20:29:00

CVE-2018-16152

2018-09-26 21:29:01

openvas

CentOS Update for nss CESA-2014:1307 centos7

2014-10-01 00:00:00

Seamonkey RSA Spoof Vulnerability (Sep 2014) - Mac OS X

2014-09-30 00:00:00

Mozilla Firefox ESR RSA Spoof Vulnerability (Sep 2014) - Windows

2014-09-29 00:00:00

debian

[SECURITY] [DSA 3033-1] nss security update

2014-09-25 00:23:40

[SECURITY] [DSA 3037-1] icedove security update

2014-09-26 19:31:43

[SECURITY] [DSA 3034-1] iceweasel security update

2014-09-25 06:25:14

centos

nss security update

2014-09-26 11:29:24

mozilla

RSA Signature Forgery in NSS — Mozilla

2014-09-24 00:00:00

cert

Mozilla Network Security Services (NSS) fails to properly verify RSA signatures

2014-09-24 00:00:00

fedora

[SECURITY] Fedora 21 Update: nss-3.17.1-1.fc21

2014-09-29 04:00:07

[SECURITY] Fedora 21 Update: nss-softokn-3.17.1-2.fc21

2014-09-29 04:00:06

[SECURITY] Fedora 21 Update: nss-util-3.17.1-1.fc21

2014-09-29 04:00:07

redhat

(RHSA-2014:1307) Important: nss security update

2014-09-26 00:00:00

(RHSA-2014:1371) Important: nss security update

2014-10-10 00:00:00

(RHSA-2014:1354) Critical: rhev-hypervisor6 security update

2014-10-02 00:00:00

archlinux

NSS: Signature forgery attack

2014-09-24 00:00:00

veracode

Spoofable RSA Signatures

2019-01-15 09:01:59

mageia

Updated nss packages fix CVE-2014-1568

2014-09-26 19:55:04

ubuntu

Thunderbird vulnerabilities

2014-09-24 00:00:00

Firefox vulnerabilities

2014-09-24 00:00:00

NSS vulnerability

2014-09-24 00:00:00

amazon

Important: nss

2014-10-01 16:32:00

Important: nss-util

2014-10-01 16:32:00

Important: nss-softokn

2014-10-01 16:32:00

cve

CVE-2014-1568

2014-09-25 17:55:00

CVE-2018-16152

2018-09-26 21:29:00

CVE-2018-16253

2018-11-07 20:29:00

checkpoint_advisories

Mozilla Network Security Services RSA Signature Forgery (CVE-2014-1568)

2014-10-19 00:00:00

debiancve

CVE-2014-1568

2014-09-25 17:55:00

CVE-2018-16253

2018-11-07 20:29:00

CVE-2018-16152

2018-09-26 21:29:00

freebsd

NSS -- RSA Signature Forgery

2014-09-23 00:00:00

ubuntucve

CVE-2014-1568

2014-09-24 00:00:00

CVE-2018-16152

2018-09-24 00:00:00

oraclelinux

nss security update

2014-09-26 00:00:00

nss, nss-util, and nss-softokn security, bug fix, and enhancement update

2014-12-02 00:00:00

chrome

Stable Channel Update

2014-09-24 00:00:00

redhatcve

CVE-2018-16152

2018-10-03 20:20:39

alpinelinux

CVE-2018-16152

2018-09-26 21:29:00

ibm

Security Bulletin: IBM Cognos Business Intelligence Server is affected by multiple vulnerabilities (CVE-2014-3566, CVE-2014-6145, CVE-2014-1568, CVE-2014-4263, CVE-2012-5784, CVE-2014-3513, CVE-2014-3567 and CVE-2014-3568).

2018-06-15 23:13:34

Security Bulletin: A security vulnerability has been identified in multiple products that ship with IBM Predictive Customer Intelligence (CVE-2014-3566)

2020-02-11 21:31:00

Security Bulletin: Tivoli Common Reporting iFixes for multiple Security Vulnerabilities (CVE-2014-3566,CVE-2014-6145,CVE-2014-1568,CVE-2014-4263,CVE-2014-3513,CVE-2014-3567,CVE-2014-3568,CVE-2014-0107,CVE-2014-0075,CVE-2014-0096,CVE-2014-0099,CVE-2014-011

2018-06-17 14:55:57

securityvulns

Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities

2015-04-17 00:00:00

Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities

2015-01-25 00:00:00

Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities

2015-07-20 00:00:00

oracle

Oracle Critical Patch Update - April 2015

2015-04-14 00:00:00

Oracle Critical Patch Update Advisory - January 2015

2015-03-10 00:00:00

Oracle Critical Patch Update Advisory - July 2015

2015-07-14 00:00:00

gentoo

Mozilla Products: Multiple vulnerabilities

2015-04-07 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.061 Low

EPSS

Percentile

92.7%

JSON

Related for BD2EF267-4485-11E4-B0B7-00262D5ED8EE