299 matches found

RedHat Linux
added 2017/04/20 2:17 a.m. | 99 views

Critical: Red Hat Security Advisory: nss security update

An update for nss is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...

CVSS 9.8 | AI score 7.5 | EPSS 0.04741
Exploits 0 | References 2

RedHat Linux
added 2017/04/20 2:16 a.m. | 2 views

nss: Write beyond bounds caused by bugs in Base64 de/encoding in nssb64d.c and nssb64e.c (MFSA 2017-10)

An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an...

CVSS 9.8 | AI score 7.5 | EPSS 0.04741
Exploits 0 | References 5

RedHat Linux
added 2017/04/20 2:16 a.m. | 71 views

Critical: Red Hat Security Advisory: nss security update

An update for nss is now available for Red Hat Enterprise Linux 5.9 Long Life. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 9.8 | AI score 7.5 | EPSS 0.04741
Exploits 0 | References 2

Tenable Nessus
added 2017/04/20 12:0 a.m. | 249 views

RHEL 5 : nss (RHSA-2017:1103)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:1103 advisory. Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server...

CVSS 9.8 | AI score 8.5 | EPSS 0.04741
Exploits 0 | References 5

ArchLinux
added 2017/04/20 12:0 a.m. | 34 views

[ASA-201704-4] nss: arbitrary code execution

Arch Linux Security Advisory ASA-201704-4
Severity: Critical
Date: 2017-04-20
CVE-ID: CVE-2017-5461
Package: nss
Type: arbitrary code execution
Remote: Yes
Link: https://security.archlinux.org/AVG-247
Summary: The package nss before version...

CVSS 9.8 | AI score 2.2 | EPSS 0.04741
Exploits 0 | References 5

FreeBSD
added 2017/03/17 12:0 a.m. | 32 views

NSS -- multiple vulnerabilities

Mozilla Foundation reports: An out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address...

AI score 8
Exploits 0 | References 2

CNVD
added 2016/09/07 12:0 a.m. | 3 views

D-Link '/improtexport.php' Multiple Series Products SQL Injection Vulnerability

D-Link DAR-8000-X series and DAR-7000-x series Internet Access Behavior Audit Gateways provide Internet access behavior management solutions. An SQL injection vulnerability exists in several D-Link series products. The vulnerability generates a file in /improtexport.php, where previous defenses a...

AI score 8.1
Exploits 0 | References 1

seebug.org
added 2015/08/31 12:0 a.m. | 54 views

Multiple EMC RSA Products ESA-2015-081 Multiple Security Vulnerabilities

Affected products: RSA BSAFE Micro Edition Suite MES all 4.1.x versions prior to 4.1.3 RSA BSAFE Micro Edition Suite MES all 4.0.x versions prior to 4.0.8 RSA BSAFE Crypto-C Micro Edition Crypto-C ME 4.1 RSA BSAFE Crypto-C Micro Edition Crypto-C ME all versions prior to 4.0.4 RSA BSAFE Crypto-J all versions...

CVSS 7.5 | AI score 7.8 | EPSS 0.02644
Exploits 2

NVD
added 2015/08/20 10:59 a.m. | 25 views

CVE-2015-0537

Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition Crypto-C ME before 4.0.4 and 4.1, and RSA BSAFE SSL-C 2.8.9 and earlier allows remote attackers to cause a denial of service...

CVSS 9.8 | AI score 7.6 | EPSS 0.02644
Exploits 1 | References 3

Prion
added 2015/08/20 10:59 a.m. | 22 views

Integer overflow

Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition Crypto-C ME before 4.0.4 and 4.1, and RSA BSAFE SSL-C 2.8.9 and earlier allows remote attackers to cause a denial of service...

CVSS 7.5 | AI score 8 | EPSS 0.44741
Exploits 2 | References 3 | Affected Software 3

Cvelist
added 2015/08/20 10:0 a.m. | 29 views

CVE-2015-0537

Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite MES 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition Crypto-C ME before 4.0.4 and 4.1, and RSA BSAFE SSL-C 2.8.9 and earlier allows remote attackers to cause a denial of service...

AI score 7.7 | EPSS 0.02644
Exploits 1 | References 3

RedHat Linux
added 2015/04/13 11:54 a.m. | 0 views

openssl: integer underflow leading to buffer overflow in base64 decoding

An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input such as a PEM file could use this flaw to cause the application to...

CVSS 7.5 | AI score 6.9 | EPSS 0.44741
Exploits 1 | References 6

RedHat Linux
added 2015/03/30 7:58 a.m. | 1 views

openssl: integer underflow leading to buffer overflow in base64 decoding

An integer underflow flaw, leading to a buffer overflow, was found in the way OpenSSL decoded malformed Base64-encoded inputs. An attacker able to make an application using OpenSSL decode a specially crafted Base64-encoded input such as a PEM file could use this flaw to cause the application to...

CVSS 7.5 | AI score 6.9 | EPSS 0.44741
Exploits 1 | References 6

CNVD
added 2015/03/20 12:0 a.m. | 2 views

OpenSSL 'EVP_DecodeUpdate' Denial of Service Vulnerability

OpenSSL is an open source implementation of SSL used to enable strong encryption of network communications and is now widely used in a variety of web applications. A denial of service vulnerability exists in OpenSSL. Due to an integer underflow within the EVP_DecodeUpdate function located within...

CVSS 7.5 | AI score 7.4 | EPSS 0.44741
Exploits 1 | References 1

Tenable Nessus
added 2015/03/20 12:0 a.m. | 45 views

Debian DSA-3197-1 : openssl - security update

Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues : - CVE-2015-0286 Stephen Henson discovered that the ASN1_TYPE_cmp function can be crashed, resulting in denial of service. -...

CVSS 7.5 | AI score 7.3 | EPSS 0.44741
Exploits 1 | References 14

Tenable Nessus
added 2015/03/20 12:0 a.m. | 33 views

SuSE 11.3 Security Update : OpenSSL (SAT Patch Number 10470)

OpenSSL has been updated to fix various security issues : - A segmentation fault in ASN1_TYPE_cmp was fixed that could be exploited by attackers when e.g. client authentication is used. This could be exploited over SSL connections. CVE-2015-0286 - An ASN.1 structure reuse memory corruption was fixed...

CVSS 7.5 | AI score 7.5 | EPSS 0.44741
Exploits 1 | References 17

OSV
added 2015/03/19 10:59 p.m. | 6 views

CVE-2015-0292

Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact v...

AI score 7.2
Exploits 0 | References 34

NVD
added 2015/03/19 10:59 p.m. | 25 views

CVE-2015-0292

Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact v...

CVSS 7.5 | AI score 7.3 | EPSS 0.44741
Exploits 1 | References 34

OSV
added 2015/03/19 5:10 p.m. | 15 views

USN-2537-1 openssl vulnerabilities

It was discovered that OpenSSL incorrectly handled malformed EC private key files. A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service, or execute arbitrary code. CVE-2015-0209 Stephen Henson discovered that OpenSSL incorrectly handled...

CVSS 7.5 | AI score 7.2 | EPSS 0.44741
Exploits 1 | References 8

OpenVAS
added 2015/03/19 12:0 a.m. | 44 views

Debian Security Advisory DSA 3197-1 (openssl - security update)

Multiple vulnerabilities have been discovered in OpenSSL, a Secure Sockets Layer toolkit. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2015-0286 Stephen Henson discovered that the ASN1_TYPE_cmp function can be crashed, resulting in denial of service...

CVSS 7.5 | AI score 0.1 | EPSS 0.44741
Exploits 1 | References 1