290 matches found
[ASA-201705-21] lib32-nss: arbitrary code execution
Arch Linux Security Advisory ASA-201705-21 ========================================== Severity: Critical Date : 2017-05-29 CVE-ID : CVE-2017-5461 Package : lib32-nss Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-248 Summary ======= The package lib32-nss...
EulerOS 2.0 SP2 : nss, nss-util (EulerOS-SA-2017-1076)
According to the version of the nss, nss-util packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create...
EulerOS 2.0 SP1 : nss, nss-util (EulerOS-SA-2017-1075)
According to the version of the nss, nss-util packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create...
Amazon Linux AMI : nss / nss-util (ALAS-2017-825)
An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an...
Ubuntu: Security Advisory (USN-3270-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS / 16.04 LTS : NSS vulnerabilities (USN-3270-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3270-1 advisory. Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker...
USN-3270-1: NSS vulnerabilities
Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key...
Critical: nss, nss-util
Issue Overview: An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the...
Scientific Linux Security Update : nss-util on SL6.x, SL7.x x86_64 (20170420)
Security Fixes : - An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of th...
FreeBSD : NSS -- multiple vulnerabilities (4cb165f0-6e48-423e-8147-92255d35c0f7)
Mozilla Foundation reports : An out-of-bounds write during Base64 decoding operation in the Network Security Services NSS library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to addres...
nss: Write beyond bounds caused by bugs in Base64 de/encoding in nssb64d.c and nssb64e.c (MFSA 2017-10)
An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an...
Critical: Red Hat Security Advisory: nss-util security update
An update for nss-util is now available for Red Hat Enterprise Linux 6.2 Advanced Update Support, Red Hat Enterprise Linux 6.4 Advanced Update Support, Red Hat Enterprise Linux 6.5 Advanced Update Support, Red Hat Enterprise Linux 6.5 Telco Extended Update Support, Red Hat Enterprise Linux 6.6...
Critical: Red Hat Security Advisory: nss security update
An update for nss is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
nss: Write beyond bounds caused by bugs in Base64 de/encoding in nssb64d.c and nssb64e.c (MFSA 2017-10)
An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an...
Critical: Red Hat Security Advisory: nss security update
An update for nss is now available for Red Hat Enterprise Linux 5.9 Long Life. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...
RHEL 5 : nss (RHSA-2017:1103)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2017:1103 advisory. Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server...
[ASA-201704-4] nss: arbitrary code execution
Arch Linux Security Advisory ASA-201704-4 ========================================= Severity: Critical Date : 2017-04-20 CVE-ID : CVE-2017-5461 Package : nss Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-247 Summary ======= The package nss before version...
NSS -- multiple vulnerabilities
Mozilla Foundation reports: An out-of-bounds write during Base64 decoding operation in the Network Security Services NSS library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address...
D-Link '/improtexport.php' Multiple Series Products SQL Injection Vulnerability
D-Link DAR-8000-X series and DAR-7000-x series Internet Access Behavior Audit Gateways provide Internet access behavior management solutions. An SQL injection vulnerability exists in several D-Link series products. The vulnerability generates a file in /improtexport.php, where previous defenses a...
Multiple EMC RSA Products ESA-2015-081 Multiple Security Vulnerabilities
受影响的产品: RSA BSAFE Micro Edition Suite MES all 4.1.x versions prior to 4.1.3 RSA BSAFE Micro Edition Suite MES all 4.0.x versions prior to 4.0.8 RSA BSAFE Crypto-C Micro Edition Crypto-C ME 4.1 RSA BSAFE Crypto-C Micro Edition Crypto-C ME all versions prior to 4.0.4 RSA BSAFE Crypto-J all versions...