MiracleLinux 7 : nss-3.28.4-12.el7 (AXSA:2017-2308:05)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-2308:05 advisory. A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw ...

Mageia: Security Advisory (MGASA-2018-0018)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla Firefox Security Advisory (MFSA2017-21) - Linux

This host is missing a security update for Mozilla Firefox. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

Security Bulletin: Vulnerability in NSS affects Power Hardware Management Console (CVE-2017-7805)

Summary NSS is used by Power Hardware Management Console HMC. HMC has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2017-7805 DESCRIPTION: Potential use-after-free in TLS 1.2 server when verifying client authentication A use-after-free flaw was found in the TLS 1.2 implementation...

SUSE: Security Advisory (SUSE-SU-2017:2872-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE: Security Advisory (SUSE-SU-2017:2688-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2017-1247)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2017-1246)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM MQ Appliance is affected by a Network Security Services (NSS) vulnerability (CVE-2017-7805)

Summary IBM MQ Appliance has addressed a vulnerability in Network Security Services NSS. Vulnerability Details CVEID: CVE-2017-7805 DESCRIPTION: Network Security Services could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in TLS 1.2 generating...

NewStart CGSL MAIN 4.05 : nss Vulnerability (NS-SA-2019-0112)

The remote NewStart CGSL host, running version MAIN 4.05, has nss packages installed that are affected by a vulnerability: - A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an...

EulerOS Virtualization for ARM 64 3.0.1.0 : nss (EulerOS-SA-2019-1397)

According to the versions of the nss packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero...

Virtuozzo 6 : nss / nss-devel / nss-pkcs11-devel / nss-sysinit / etc (VZLSA-2017-2832)

An update for nss is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

Security Bulletin: IBM Security Access Manager Appliance is affected by a vulnerability in NSS (CVE-2017-7805)

Summary IBM Security Access Manager Appliance has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2017-7805 DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in TLS 1.2 generating handshake hashes...

CVE-2017-7805

During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer...

CVE-2017-7805

CVE-2017-7805 is a use-after-free vulnerability in the NSS TLS 1.2 implementation where handshake hashes can reference a freed buffer, potentially crashing the application and enabling arbitrary code execution. Public sources consistently tie the issue to NSS and Firefox/Thunderbird components, n...

CVE-2017-7805

During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer...

Solaris 10 (sparc) : 119213-37

NSSNSPRJSS 3.34: NSPR 4.17 / NSS 3.34 /. Date this patch was last updated by Sun : May/16/18 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'compat.inc'; if description scriptid109911; scriptversion"1.8";...

Updated iceape packages fix security vulnerabilities

Updated iceape packages include security fixes from upstream Seamonkey and Firefox: Multiple flaws were found in the way Iceape 2.48 processes various types of web content, where loading a web page containing malicious content could cause Iceape to crash, execute arbitrary code, or disclose...

SUSE SLES11 Security Update : MozillaFirefox, mozilla-nss (SUSE-SU-2017:2872-2)

This update for MozillaFirefox and mozilla-nss fixes the following issues: Mozilla Firefox was updated to ESR 52.4 bsc1060445 - MFSA 2017-22/CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces - MFSA 2017-22/CVE-2017-7805: Use-after-free in TLS 1.2 generating...

Debian DSA-4014-1 : thunderbird - security update

Multiple security issues have been found in Thunderbird, which may lead to the execution of arbitrary code or denial of service. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4014. The...