Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-2994-1
HistoryJul 31, 2014 - 12:00 a.m.

nss - security update

2014-07-3100:00:00
Google
osv.dev
7

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Several vulnerabilities have been discovered in nss, the Mozilla Network
Security Service library:

  • CVE-2013-1741
    Runaway memset in certificate parsing on 64-bit computers leading to
    a crash by attempting to write 4Gb of nulls.
  • CVE-2013-5606
    Certificate validation with the verifylog mode did not return
    validation errors, but instead expected applications to determine
    the status by looking at the log.
  • CVE-2014-1491
    Ticket handling protection mechanisms bypass due to the lack of
    restriction of public values in Diffie-Hellman key exchanges.
  • CVE-2014-1492
    Incorrect IDNA domain name matching for wildcard certificates could
    allow specially-crafted invalid certificates to be considered as
    valid.

For the stable distribution (wheezy), these problems have been fixed in
version 2:3.14.5-1+deb7u1.

For the testing distribution (jessie), and the unstable distribution (sid),
these problems have been fixed in version 2:3.16-1.

We recommend that you upgrade your nss packages.

Related

osv 1
openvas 77
debian 2
nessus 40
fedora 30
suse 1
ubuntu 2
oraclelinux 6
mageia 1
mozilla 2
securityvulns 2
ubuntucve 4
prion 4
cve 4
debiancve 4
redhat 4
centos 4
seebug 1
slackware 1
veracode 4
intothesymmetry 1
amazon 2
f5 1
ibm 1
osv
osv
nss - security update
2014-07-31 00:00:00
openvas
openvas
Debian Security Advisory DSA 2994-1 (nss - security update)
2014-07-31 00:00:00
Debian: Security Advisory (DLA-23-1)
2023-03-08 00:00:00
Debian: Security Advisory (DSA-2994-1)
2014-07-30 00:00:00
debian
debian
[DLA 23-1] nss security update
2014-07-31 11:23:33
[SECURITY] [DSA 2994-1] nss security update
2014-07-31 11:51:32
nessus
nessus
Debian DLA-23-1 : nss security update
2015-03-26 00:00:00
Debian DSA-2994-1 : nss - security update
2014-08-01 00:00:00
Oracle iPlanet Web Server 7.0.x < 7.0.20 Multiple Vulnerabilities
2014-07-18 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: nss-3.15.3.1-1.fc19
2014-01-05 12:35:19
[SECURITY] Fedora 19 Update: nss-softokn-3.15.3-1.fc19
2013-12-15 03:36:48
[SECURITY] Fedora 20 Update: nss-util-3.15.3-1.fc20
2013-12-14 02:52:25
suse
suse
Security update for mozilla-nspr, mozilla-nss (important)
2013-12-02 20:04:14
ubuntu
ubuntu
NSS vulnerabilities
2013-11-18 00:00:00
NSS vulnerability
2014-04-02 00:00:00
oraclelinux
oraclelinux
nss, nss-util, and nss-softokn security, bug fix, and enhancement update
2014-12-02 00:00:00
nss and nspr security, bug fix, and enhancement update
2013-12-05 00:00:00
nss, nspr, and nss-util security update
2013-12-12 00:00:00
mageia
mageia
Updated firefox, rootcerts, nspr & nss packages fix security vulnerabilities
2013-11-21 00:54:49
mozilla
mozilla
Miscellaneous Network Security Services (NSS) vulnerabilities — Mozilla
2013-11-15 00:00:00
Incorrect IDNA domain name matching for wildcard certificates — Mozilla
2014-04-29 00:00:00
securityvulns
securityvulns
Mozilla nss security vulnerabilities
2013-11-26 00:00:00
[ MDVSA-2014:066 ] nss
2014-03-24 00:00:00
ubuntucve
ubuntucve
CVE-2013-5606
2013-11-14 00:00:00
CVE-2013-1741
2013-11-14 00:00:00
CVE-2014-1491
2014-02-05 00:00:00
prion
prion
Design/Logic Flaw
2013-11-18 05:23:00
Integer overflow
2013-11-18 05:23:00
Design/Logic Flaw
2014-03-25 13:25:00
cve
cve
CVE-2013-5606
2013-11-18 05:23:00
CVE-2014-1491
2014-02-06 05:44:00
CVE-2013-1741
2013-11-18 05:23:00
debiancve
debiancve
CVE-2013-5606
2013-11-18 05:23:00
CVE-2014-1492
2014-03-25 13:25:00
CVE-2014-1491
2014-02-06 05:44:00
redhat
redhat
(RHSA-2014:1246) Moderate: nss and nspr security, bug fix, and enhancement update
2014-09-16 00:00:00
(RHSA-2014:1073) Low: nss, nss-util, nss-softokn security, bug fix, and enhancement update
2014-08-18 00:00:00
(RHSA-2013:1791) Important: nss and nspr security, bug fix, and enhancement update
2013-12-05 00:00:00
centos
centos
nss security update
2014-09-30 11:21:57
nss security update
2014-08-18 21:47:41
nspr, nss security update
2013-12-13 00:04:31
seebug
seebug
Mozilla Network Security Services 'p12creat.c'内存破坏漏洞
2014-03-25 00:00:00
slackware
slackware
[slackware-security] mozilla-nss
2014-03-28 22:54:39
veracode
veracode
Man-in-the-Middle Attack
2019-05-02 05:03:48
Denial Of Service (DoS)
2019-05-02 05:00:20
Authentication Bypass
2019-05-02 05:00:22
intothesymmetry
intothesymmetry
Small subgroup attack in Mozilla NSS
2015-12-22 13:29:00
amazon
amazon
Important: nspr
2013-12-17 21:31:00
Important: nss
2013-12-17 21:31:00
f5
f5
SOL16716 - Multiple Mozilla NSS vulnerabilities
2015-06-05 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Network Security Services (NSS) and Netscape Portable Runtime (NSPR) affect IBM SAN Volume Controller and Storwize Family (CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545)
2023-03-29 01:48:02

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for OSV:DSA-2994-1
osv1openvas77debian2nessus40fedora30suse1ubuntu2oraclelinux6mageia1mozilla2securityvulns2ubuntucve4prion4cve4debiancve4redhat4centos4seebug1slackware1veracode4intothesymmetry1amazon2f51ibm1