SUSE SLES12 Security Update : compat-openssl098 (SUSE-SU-2015:0553-1)

OpenSSL was updated to fix various security issues. Following security issues were fixed : - CVE-2015-0209: A Use After Free following d2iECPrivatekey error was fixed which could lead to crashes for attacker supplied Elliptic Curve keys. This could be exploited over SSL connections with client...

CVE-2018-18702

spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=importrule because the upfile content is base64 decoded, deserialized, and used for database insertion...

WordPress FV Flowplayer 7.2.0.727 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Reflected XSS in FV Flowplayer Wordpress plugin ================================================================ Author: Janek Vind "waraxe" Date: 20. September 2018 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-107.html Target...

RHEL 5 : nss (RHSA-2017:1101)

An update for nss is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

Security Bulletin: IBM Security Access Manager Appliance is affected by a Network Security Services (NSS) vulnerability (CVE-2017-5461)

Summary IBM Security Access Manager Appliance has addressed the following vulnerability in the Network Security Services NSS library. Vulnerability Details CVEID: CVE-2017-5461 DESCRIPTION: Mozilla Firefox could allow a remote attacker to execute arbitrary code on the system, caused by an...

Exim SMTP Mail Server Buffer Overflow Vulnerability

Exim is a MTA Mail Transfer Agent, Mail Transfer Agent server software, which is developed under the GPL and is open source software. The software mainly runs on UNIX-like systems. Usually the software will be used with Dovecot or Courier and other software. A buffer overflow vulnerability exists...

Exim SMTP server RCE via base64d

Exim SMTP email server versions before 4.90 are vulnerable to remote code execution via a vulnerability in Base64 decoding. Recent assessments: asoto-r7 at June 25, 2019 6:25pm UTC reported: There are a few PoCs for this one. Exim is a bear to setup and I wouldn’t be shocked to find unpatched...

USN-3372-1: NSS vulnerability

It was discovered that NSS incorrectly handled certain empty SSLv2 messages. A remote attacker could possibly use this issue to cause NSS to crash, resulting in a denial of service. CVE-2017-7502 Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable t...

[ASA-201705-21] lib32-nss: arbitrary code execution

Arch Linux Security Advisory ASA-201705-21 ========================================== Severity: Critical Date : 2017-05-29 CVE-ID : CVE-2017-5461 Package : lib32-nss Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-248 Summary ======= The package lib32-nss...

EulerOS 2.0 SP1 : nss, nss-util (EulerOS-SA-2017-1075)

According to the version of the nss, nss-util packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create...

EulerOS 2.0 SP2 : nss, nss-util (EulerOS-SA-2017-1076)

According to the version of the nss, nss-util packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create...

Ubuntu 14.04 LTS / 16.04 LTS : NSS vulnerabilities (USN-3270-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3270-1 advisory. Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker...

Amazon Linux AMI : nss / nss-util (ALAS-2017-825)

An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an...

Ubuntu: Security Advisory (USN-3270-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3270-1: NSS vulnerabilities

Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key...

Critical: nss, nss-util

Issue Overview: An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the...

Scientific Linux Security Update : nss-util on SL6.x, SL7.x x86_64 (20170420)

Security Fixes : - An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of th...

FreeBSD : NSS -- multiple vulnerabilities (4cb165f0-6e48-423e-8147-92255d35c0f7)

Mozilla Foundation reports : An out-of-bounds write during Base64 decoding operation in the Network Security Services NSS library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to addres...

nss: Write beyond bounds caused by bugs in Base64 de/encoding in nssb64d.c and nssb64e.c (MFSA 2017-10)

An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an...

Critical: Red Hat Security Advisory: nss-util security update

An update for nss-util is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco Extended Update Support, Red Hat Enterprise Linux 6.6...