CVE-2021-43527

NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \7, or PKCS \12 are likely to be impacted. Applications using N...

CVE-2021-43527

NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \7, or PKCS \12 are likely to be impacted. Applications using N...

Ubuntu 16.04 ESM : NSS regression (USN-5168-4)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5168-4 advisory. USN-5168-3 fixed a vulnerability in NSS. Unfortunately that update introduced a regression that could break SSL connections. This update fixes the problem. We...

CVE-2021-43527

NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \7, or PKCS \12 are likely to be impacted. Applications using N...

SUSE SLED12 / SLES12 Security Update : mozilla-nss (SUSE-SU-2021:3939-1)

The remote SUSE Linux SLED12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3939-1 advisory. - NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DS...

SUSE SLED15 / SLES15 Security Update : mozilla-nss (SUSE-SU-2021:3934-1)

The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3934-1 advisory. - NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DS...

Slackware Linux 14.0 / 14.1 / 14.2 / current mozilla-nss Vulnerability (SSA:2021-337-01)

The version of mozilla-nss installed on the remote host is prior to 3.23 / 3.40.1 / 3.73. It is, therefore, affected by a vulnerability as referenced in the SSA:2021-337-01 advisory. - NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handli...

Updated nss packages fix security vulnerability

NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS 7, or PKCS 12 are likely to be impacted. Applications using NSS...

Debian DSA-5016-1 : nss - security update

The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5016 advisory. Tavis Ormandy discovered that nss, the Mozilla Network Security Service library, is prone to a heap overflow flaw when verifying DSA or RSA-PPS signatures, which coul...

Ubuntu 18.04 LTS / 20.04 LTS : NSS vulnerability (USN-5168-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5168-1 advisory. Tavis Ormandy discovered that NSS incorrectly handled verifying DSA/RSA-PSS signatures. A remote attacker could use this issue to cause NSS to crash,...

Amazon Linux AMI : nss (ALAS-2021-1552)

The version of nss installed on the remote host is prior to 3.53.1-7.87. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1552 advisory. NSS Network Security Services up to and including 3.73 is vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS...

Memory corruption in NSS via DER-encoded DSA and RSA-PSS signatures — Mozilla

NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS 7, or PKCS 12 are likely to be impacted. Applications using NSS...

IT threat evolution Q3 2021

IT threat evolution Q3 2021 IT threat evolution in Q3 2021. PC statistics IT threat evolution in Q3 2021. Mobile statistics Targeted attacks WildPressure targets macOS Last March, we reported a WildPressure campaign targeting industrial-related entities in the Middle East. While tracking this...

API Security Tutorial

Historial API Evolution As per the documented history, the occurrence of web APIs transpired towards the end of 1990 with the launch of Salesforce’s sales automation solution. At that point in time, it was an open resource, awarded to everyone. Salesforce’s automation tool was XML-driven and the...

Threats to ICS and industrial enterprises in 2022

Continuing trends In recent years, we have observed various trends in the changing threat landscape for industrial enterprises, most of which have been evolving for some time. We can say with high confidence that many of these trends will not only continue, but gain new traction in the coming yea...

The dangers of “connected” healthcare: predictions for 2022

For a second consecutive year, the time for Kaspersky to make its predictions for the healthcare sector comes amid the global COVID-19 pandemic. Unfortunately, the virus still dominates most aspects of our lives, and, of course, the pandemic remained the biggest and most-discussed topic in...

This Week in Security News - November 19, 2021

This week, learn about how the QAKBOT Loader malware has evolved its techniques and strategies over time. Also, read about the most recent initiative by the legislation to further cybersecurity protection...

Emotet Resurfaces on the Back of TrickBot After Nearly a Year

Emotet, one of the most prolific and disruptive botnet malware-delivery systems, appears to be making a comeback after nearly a year of inactivity, researchers have found. A team of researchers from Cryptolaemus, G DATA and AdvIntel recently observed the TrickBot trojan launching what appears to ...

evolution, evolution-data-server, evolution-ews bug fix and enhancement update

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section...

evolution, evolution-data-server, evolution-ews bug fix and enhancement update

An update is available for evolution, evolution-ews, evolution-mapi, evolution-data-server. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed...