108 matches found
MiracleLinux 8 : nss-3.67.0-7.el8 (AXSA:2021-2574:07)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2574:07 advisory. nss: Memory corruption in decodeECorDsaSignature with DSA signatures and RSA-PSS CVE-2021-43527 Tenable has extracted the preceding description block directl...
MiracleLinux 4 : nss-3.44.0-7.0.3.AXS4 (AXSA:2021-2578:08)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2578:08 advisory. nss: Memory corruption in decodeECorDsaSignature with DSA signatures and RSA-PSS CVE-2021-43527 Tenable has extracted the preceding description block directl...
MiracleLinux 8 : nss-3.67.0-7.el8.ML.1 (AXSA:2021-2840:09)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2840:09 advisory. nss: Memory corruption in decodeECorDsaSignature with DSA signatures and RSA-PSS CVE-2021-43527 Tenable has extracted the preceding description block directl...
MiracleLinux 7 : nss-3.67.0-4.el7 (AXSA:2021-2573:06)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2573:06 advisory. nss: Memory corruption in decodeECorDsaSignature with DSA signatures and RSA-PSS CVE-2021-43527 Tenable has extracted the preceding description block directl...
Alibaba Cloud Linux 3 : 0081: nss (ALINUX3-SA-2021:0081)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2021:0081 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2021-43527: NSS Network Security Services...
CentOS 9 : nss-3.79.0-14.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the nss-3.79.0-14.el9 build changelog. - NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS...
Huawei EulerOS: Security Advisory for nss (EulerOS-SA-2023-1713)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
NewStart CGSL CORE 5.05 / MAIN 5.05 : nss Vulnerability (NS-SA-2023-0010)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has nss packages installed that are affected by a vulnerability: - NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures...
Amazon Linux 2023 : nspr, nspr-devel, nss (ALAS2023-2023-031)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-031 advisory. NSS Network Security Services up to and including 3.73 is vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within...
Amazon Linux 2 : nspr (ALAS-2023-1953)
The version of nspr installed on the remote host is prior to 4.32.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1953 advisory. NSS Network Security Services up to and including 3.73 is vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS...
Amazon Linux 2 : nss-util (ALAS-2023-1954)
The version of nss-util installed on the remote host is prior to 3.67.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1954 advisory. NSS Network Security Services up to and including 3.73 is vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS...
Amazon Linux 2 : nss-softokn (ALAS-2023-1955)
The version of nss-softokn installed on the remote host is prior to 3.67.0-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1955 advisory. NSS Network Security Services up to and including 3.73 is vulnerable to a heap overflow when handling DER-encoded DSA or RSA-P...
K54450124: NSS vulnerability CVE-2021-43527
Security Advisory Description NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \7, or PKCS \12 are likely to be...
Critical: nss-util
Issue Overview: NSS Network Security Services up to and including 3.73 is vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS 7, or PKCS 12 are likely to be impacted. Applications using...
Critical: nspr
Issue Overview: NSS Network Security Services up to and including 3.73 is vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS 7, or PKCS 12 are likely to be impacted. Applications using...
Critical: nss
Issue Overview: NSS Network Security Services up to and including 3.73 is vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS 7, or PKCS 12 are likely to be impacted. Applications using...
Heap overflow
Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS...
CVE-2021-43529
Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS...
CVE-2021-43529
Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA or RSA-PSS...
EulerOS Virtualization 3.0.2.2 : nss (EulerOS-SA-2023-1278)
According to the versions of the nss packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA o...