Download
| Alert*
oval:org.secpod.oval:def:64177
nss: Network Security Service library NSS could be made to expose sensitive information. oval:org.secpod.oval:def:66565 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a la ... oval:org.secpod.oval:def:66724 Several vulnerabilities were discovered in libnss3-dev, a set of cryptographic libraries, which may result in side channel/timing attacks or denial of service. oval:org.secpod.oval:def:64650 The host is missing a high severity security update according to Mozilla advisory, MFSA2020-29. The update is required to fix an multiple vulnerabilities. The flaws are present in the application, which fails to handle an unknown vector. Successful exploitation can cause unspecified impact. oval:org.secpod.oval:def:503837 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a la ... oval:org.secpod.oval:def:89050380 This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues: Security issues fixed: - CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing . - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster . - CVE-2020-12417: Memory corruption due to mis ... oval:org.secpod.oval:def:118547 NSPR provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing and calendar time, basic memory management and shared library linking. oval:org.secpod.oval:def:118556 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:118497 NSPR provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing and calendar time, basic memory management and shared library linking. oval:org.secpod.oval:def:118490 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:64057 The host is missing a high severity security update according to Mozilla advisory, MFSA2020-24. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle multiple vectors. Successful exploitation can cause multiple impacts. oval:org.secpod.oval:def:64058 Mozilla Firefox 78 : During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the re ... oval:org.secpod.oval:def:64649 The host is missing a high severity security update according to Mozilla advisory, MFSA2020-29. The update is required to fix an multiple vulnerabilities. The flaws are present in the application, which fails to handle an unknown vector. Successful exploitation can cause unspecified impact. oval:org.secpod.oval:def:89000440 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation . - CVE-2020-12399: Fixed a timing attack on DSA signature generation . - CVE-2019-17006: Added length che ... oval:org.secpod.oval:def:89000335 This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues: Security issues fixed: - CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing . - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster . - CVE-2020-12417: Memory corruption due to mis ... oval:org.secpod.oval:def:2500071 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. oval:org.secpod.oval:def:1503012 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89000070 This update for mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2020-12402: Fixed a potential side channel attack during RSA key generation - Fixed various FIPS issues in libfreebl3 which were causing segfaults in the test suite of chrony . oval:org.secpod.oval:def:705537 nss: Network Security Service library NSS could be made to expose sensitive information. oval:org.secpod.oval:def:89000366 This update for MozillaFirefox to version 78.0.1 ESR fixes the following issues: Security issues fixed: - CVE-2020-12415: AppCache manifest poisoning due to url encoded character processing . - CVE-2020-12416: Use-after-free in WebRTC VideoBroadcaster . - CVE-2020-12417: Memory corruption due to mis ... oval:org.secpod.oval:def:604928 Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in side channel/timing attacks or denial of service. oval:org.secpod.oval:def:63983 The host is missing a high severity security update according to Mozilla advisory, MFSA2020-24. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle multiple vectors. Successful exploitation can cause multiple impacts. oval:org.secpod.oval:def:63985 Mozilla Firefox 78, Mozilla Thunderbird 78: During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record t ... oval:org.secpod.oval:def:1601451 When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services library. This could lead to information disclosure. This vulnerability affects Firefox ESR A vulnerability exists where it possible to fo ... oval:org.secpod.oval:def:205683 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a la ... oval:org.secpod.oval:def:504315 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a la ... oval:org.secpod.oval:def:1503056 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:89003011 This update for mozilla-nspr, mozilla-nss fixes the following issues: mozilla-nss was updated to version 3.53.1 - CVE-2019-11745: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate - CVE-2020-12402: Fixed a potential side channel attack during RSA key ... oval:org.secpod.oval:def:205674 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a la ... oval:org.secpod.oval:def:205675 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a la ... oval:org.secpod.oval:def:1700469 When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services library. This could lead to information disclosure. This vulnerability affects Firefox ESR CVE-2019-11719 (NSS oval:org.secpod.oval:def:205676 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a la ... oval:org.secpod.oval:def:205857 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a la ... oval:org.secpod.oval:def:2106197 Oracle Solaris 11 - ( CVE-2019-11734 ) |