324 matches found
CVE-2023-0767
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
CVE-2023-0767
CVE-2023-0767 describes a vulnerability where an attacker could construct a PKCS#12 cert bundle in a way that mishandles Safe Bag attributes, enabling arbitrary memory writes. Affected software: Firefox < 110, Thunderbird < 102.8, and Firefox ESR
CVE-2023-0767
An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...
GLSA-202305-36 : Mozilla Thunderbird: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202305-36 Mozilla Thunderbird: Multiple Vulnerabilities - matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can temporarily...
UNISOC Chipsets 安全漏洞
UNISOC Chipsets is a chipset from China's Purple Spreadtrum UNISOC. A security vulnerability exists in the UNISOC Chipsets soter service module, which stems from a lack of boundary checking, resulting in out-of-bounds writes...
UNISOC Chipsets 缓冲区错误漏洞
UNISOC Chipsets is a chipset from China's Unisplendour UNISOC. A security vulnerability exists in the UNISOC Chipsets spipe drive module, which stems from a lack of boundary checking, leading to out-of-bounds writes...
CVE-2023-27968
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory...
Linux kernel 资源管理错误漏洞
The Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel that stems from mishandling of anonymous sets and post-release reuse in Netfilter nftables when processing batch requests, which can be abused to...
Amazon Linux AMI : nss (ALAS-2023-1736)
The version of nss installed on the remote host is prior to 3.53.1-7.88. It is, therefore, affected by a vulnerability as referenced in the ALAS-2023-1736 advisory. firefox-esr , thunderbird and nss only are affected by this package. CVE-2023-0767 Tenable has extracted the preceding description...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.6.2.5)
The version of AOS installed on the remote host is prior to 6.6.2.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.6.2.5 advisory. - zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header...
CLSA-2023-1681328662 Fix CVE(s): CVE-2023-0767
SECURITY UPDATE: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled - debian/patches/CVE-2023-0767.patch: improve handling of unknown PKCS12 safe bag types - CVE-2023-0767...
Oracle Linux 6 : nss (ELSA-2023-12238)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12238 advisory. - Back port nss security update CVE-2023-0767 Orabug: 35205543 - Fix CVE-2021-43527 Orabug: 33627334 - Backport upstream fix for CVE-2018-12384 - Resolves: Bug...
CBL Mariner 2.0 Security Update: libxslt / libxml2 (CVE-2022-29824)
The version of libxslt / libxml2 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-29824 advisory. - In libxml2 before 2.9.14, several buffer handling functions in buf.c xmlBuf and tree.c xmlBuffer...
Mageia: Security Advisory (MGASA-2023-0056)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
nss: Arbitrary memory write via PKCS 12
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled...
nss: Arbitrary memory write via PKCS 12
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled...
RHEL 9 : nss (RHSA-2023:1368)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1368 advisory. Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server...
RHEL 8 : nss (RHSA-2023:1406)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1406 advisory. Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server...
RHEL 9 : nss (RHSA-2023:1365)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1365 advisory. Network Security Services NSS is a set of libraries designed to support the cross-platform development of security-enabled client and server...
CentOS 7 : nss (RHSA-2023:1332)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:1332 advisory. - An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled...