Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DLA-480-1
HistoryMay 18, 2016 - 12:00 a.m.

nss - security update

2016-05-1800:00:00
Google
osv.dev
12

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

This security update fixes serious security issues in NSS including
arbitrary code execution and remote denial service attacks.

For Debian 7 wheezy, these problems have been fixed in
3.14.5-1+deb7u6. We recommend you upgrade your nss packages as soon as
possible.

  • CVE-2015-7181
    The sec_asn1d_parse_leaf function improperly restricts access to
    an unspecified data structure.
  • CVE-2015-7182
    Heap-based buffer overflow in the ASN.1 decoder.
  • CVE-2016-1938
    The s_mp_div function in lib/freebl/mpi/mpi.c in improperly
    divides numbers, which might make it easier for remote attackers
    to defeat cryptographic protection mechanisms.
  • CVE-2016-1950
    Heap-based buffer overflow allows remote attackers to execute
    arbitrary code via crafted ASN.1 data in an X.509 certificate.
  • CVE-2016-1978
    Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange
    function allows remote attackers to cause a denial of service or
    possibly have unspecified other impact by making an SSL (1) DHE or
    (2) ECDHE handshake at a time of high memory consumption.
  • CVE-2016-1979
    Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey
    function allows remote attackers to cause a denial of service or
    possibly have unspecified other impact via crafted key data with
    DER encoding.

Further information about Debian LTS security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <https://wiki.debian.org/LTS&gt;

Related

openvas 49
nessus 55
debian 3
osv 2
ibm 16
oraclelinux 7
symantec 2
redhat 9
ubuntu 3
archlinux 1
centos 7
amazon 3
freebsd 2
veracode 6
slackware 1
f5 8
mozilla 4
prion 5
cve 5
debiancve 5
ubuntucve 5
mageia 1
openvas
openvas
Debian: Security Advisory (DLA-480-1)
2023-03-08 00:00:00
Debian Security Advisory DSA 3688-1 (nss - security update)
2016-10-05 00:00:00
Oracle: Security Advisory (ELSA-2016-0591)
2016-04-06 00:00:00
nessus
nessus
Debian DLA-480-1 : nss security update
2016-05-19 00:00:00
Debian DSA-3688-1 : nss - security update (Logjam) (SLOTH)
2016-10-06 00:00:00
CentOS 6 : nspr / nss / nss-util (CESA-2016:0591)
2016-04-07 00:00:00
debian
debian
[SECURITY] [DLA 480-1] nss security update
2016-05-18 18:34:37
[SECURITY] [DSA 3688-1] nss security update
2016-10-05 20:20:43
[SECURITY] [DLA 354-1] nss security update
2015-11-29 16:36:27
osv
osv
nss - security update
2016-10-05 00:00:00
nss - security update
2015-11-29 00:00:00
ibm
ibm
Security Bulletin: Multiple Security Vulnerabilities fixed in IBM Security Privileged Identity Manager
2018-06-16 21:41:47
Security Bulletin: Vulnerabilities in Mozilla Firefox Network Security Services affect PowerKVM (CVE-2016-1978,CVE-2016-1979)
2018-06-18 01:32:18
Security Bulletin: IBM Security Access Manager for Web is affected by vulnerabilities in nss, nss-util, and nspr (CVE-2016-1978, CVE-2016-1979)
2018-06-16 21:44:35
oraclelinux
oraclelinux
nss, nss-util, and nspr security, bug fix, and enhancement update
2016-04-05 00:00:00
nss and nspr security, bug fix, and enhancement update
2016-04-25 00:00:00
nss and nspr security update
2015-11-04 00:00:00
symantec
symantec
SA119 : Multiple NSS Vulnerabilities
2016-03-22 08:00:00
SA124 : NSS Vulnerabilities March 2016
2016-06-07 08:00:00
redhat
redhat
(RHSA-2016:0591) Moderate: nss, nss-util, and nspr security, bug fix, and enhancement update
2016-04-05 00:00:00
(RHSA-2016:0685) Moderate: nss, nspr, nss-softokn, and nss-util security, bug fix, and enhancement update
2016-04-25 11:11:50
(RHSA-2016:0684) Moderate: nss and nspr security, bug fix, and enhancement update
2016-04-25 00:00:00
ubuntu
ubuntu
NSS vulnerabilities
2015-11-04 00:00:00
Thunderbird vulnerabilities
2016-05-19 00:00:00
NSS vulnerability
2016-03-09 00:00:00
archlinux
archlinux
nss: arbitrary code execution
2015-11-06 00:00:00
centos
centos
nspr, nss security update
2016-04-05 12:27:24
nspr, nss security update
2016-04-25 17:49:11
nspr, nss security update
2016-04-25 13:19:01
amazon
amazon
Medium: nspr, nss-util, nss, nss-softokn
2016-05-18 14:00:00
Critical: nspr, nss-util, nss, jss
2015-11-05 01:58:00
Critical: nss-util
2016-03-10 16:30:00
freebsd
freebsd
NSS -- multiple vulnerabilities
2016-03-08 00:00:00
NSS -- multiple vulnerabilities
2016-01-26 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-05-02 05:43:34
Arbitrary Code Execution
2019-05-02 05:43:35
Denial Of Service (DoS)
2019-01-15 09:08:13
slackware
slackware
[slackware-security] mozilla-nss
2015-11-06 17:08:58
f5
f5
SOL31372672 - Mozilla NSS vulnerabilities CVE-2015-7181, CVE-2015-7182, and CVE-2015-7183
2015-12-09 00:00:00
K31372672 : Mozilla NSS vulnerabilities CVE-2015-7181, CVE-2015-7182, and CVE-2015-7183
2015-12-09 00:00:00
K37540306 : Mozilla Network Security Services use-after-free vulnerability CVE-2016-1978
2016-11-15 00:00:00
mozilla
mozilla
NSS and NSPR memory corruption issues — Mozilla
2015-11-03 00:00:00
Use-after-free in NSS during SSL connections in low memory — Mozilla
2016-01-26 00:00:00
Use-after-free during processing of DER encoded keys in NSS — Mozilla
2016-03-08 00:00:00
prion
prion
Design/Logic Flaw
2016-03-13 18:59:00
Design/Logic Flaw
2015-11-05 05:59:00
Heap overflow
2015-11-05 05:59:00
cve
cve
CVE-2016-1978
2016-03-13 18:59:00
CVE-2015-7181
2015-11-05 05:59:00
CVE-2015-7182
2015-11-05 05:59:00
debiancve
debiancve
CVE-2016-1978
2016-03-13 18:59:00
CVE-2015-7181
2015-11-05 05:59:00
CVE-2015-7182
2015-11-05 05:59:00
ubuntucve
ubuntucve
CVE-2015-7181
2015-11-04 00:00:00
CVE-2016-1978
2016-03-13 00:00:00
CVE-2015-7182
2015-11-04 00:00:00
mageia
mageia
Updated nss packages fix CVE-2016-1950
2016-03-16 21:07:23

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for OSV:DLA-480-1
openvas49nessus55debian3osv2ibm16oraclelinux7symantec2redhat9ubuntu3archlinux1centos7amazon3freebsd2veracode6slackware1f58mozilla4prion5cve5debiancve5ubuntucve5mageia1