Download
| Alert*
|
oval:org.secpod.oval:def:40407
The host is missing a critical security update according to Mozilla advisory, MFSA2017-13. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:2103205 Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. ... oval:org.secpod.oval:def:40092 The host is missing a critical security update according to Mozilla advisory, MFSA2017-11. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:40093 The host is missing a critical security update according to Mozilla advisory, MFSA2017-12. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:40131 The host is missing a critical security update according to Mozilla advisory, MFSA2017-11. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:40132 The host is missing a critical security update according to Mozilla advisory, MFSA2017-12. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:40130 The host is missing a critical security update according to Mozilla advisory, MFSA2017-10. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:2100906 A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerabilit ... oval:org.secpod.oval:def:1800751 CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP CVE-2017-5401: Memory Corruption when handling ErrorResult CVE-2017-5402: Use-after-free working with events in FontFace objects CVE-2017-5404: Use-after-free working with ranges in selections CVE-2017-5407: Pixel and history stealing via floati ... oval:org.secpod.oval:def:89044698 This update for MozillaFirefox and mozilla-nss fixes the following issues: Security issues fixed: - Fixes in Firefox ESR 52.2 - CVE-2017-7758: Out-of-bounds read in Opus encoder - CVE-2017-7749: Use-after-free during docshell reloading - CVE-2017-7751: Use-after-free with content viewer listeners - ... oval:org.secpod.oval:def:2100396 Stack-based buffer overflow in the evutil_parse_sockaddr_port function in evutil.c in libevent before 2.1.6-beta allows attackers to cause a denial of service (segmentation fault) via vectors involving a long string in brackets in the ip_as_string argument. oval:org.secpod.oval:def:204482 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. The following packages have been upgraded to a newer ... oval:org.secpod.oval:def:204481 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. The following packages have been upgraded to a newer ... oval:org.secpod.oval:def:204487 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. The following packages have been upgraded to a newer ... oval:org.secpod.oval:def:204486 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. The following packages have been upgraded to a newer ... oval:org.secpod.oval:def:1800257 Mozilla Network Security Services before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect base64 operations. oval:org.secpod.oval:def:89044872 The MozillaFirefox was updated to the new ESR 52.2 release, which fixes the following issues : * MFSA 2017-16/CVE-2017-7758 Out-of-bounds read in Opus encoder * MFSA 2017-16/CVE-2017-7749 Use-after-free during docshell reloading * MFSA 2017-16/CVE-2017-7751 Use-after-free with content viewer listene ... oval:org.secpod.oval:def:40114 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploita ... oval:org.secpod.oval:def:703569 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:602854 Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service. oval:org.secpod.oval:def:51774 firefox: Mozilla Open Source web browser Firefox could be made to crash or run programs as your login if it opened a malicious website. oval:org.secpod.oval:def:1800455 Mozilla Network Security Services before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect base64 operations. oval:org.secpod.oval:def:602916 Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in denial of service or information disclosure. oval:org.secpod.oval:def:51794 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:1600696 An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an appl ... oval:org.secpod.oval:def:1501841 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501842 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501849 An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an appl ... oval:org.secpod.oval:def:502025 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. The following packages have been upgraded to a newer ... oval:org.secpod.oval:def:703609 thunderbird: Mozilla Open Source mail and newsgroup client Several security issues were fixed in Thunderbird. oval:org.secpod.oval:def:89044611 Mozilla Firefox was updated to the Firefox ESR release 45.9. Mozilla NSS was updated to support TLS 1.3 and various new ciphers, PRFs, Diffie Hellman key agreement and support for more hashes. Security issues fixed in Firefox - MFSA 2017-11/CVE-2017-5469: Potential Buffer overflow in flex-generate ... oval:org.secpod.oval:def:89044839 Mozilla Firefox was updated to the Firefox ESR release 45.9. Mozilla NSS was updated to support TLS 1.3 and various new ciphers, PRFs, Diffie Hellman key agreement and support for more hashes. Security issues fixed in Firefox - MFSA 2017-11/CVE-2017-5469: Potential Buffer overflow in flex-generate ... oval:org.secpod.oval:def:40402 The host is missing a critical security update according to Mozilla advisory, MFSA2017-13. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:40091 The host is missing a critical security update according to Mozilla advisory, MFSA2017-10. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code o ... oval:org.secpod.oval:def:40075 Mozilla Firefox before 53.0, Thunderbird before 52.1, Firefox ESR before 45.9 or 52.x before 52.1 :- An out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploita ... oval:org.secpod.oval:def:51777 nss: Network Security Service library Several security issues were fixed in NSS. oval:org.secpod.oval:def:703578 nss: Network Security Service library Several security issues were fixed in NSS. |
