Download
| Alert*
|
oval:org.secpod.oval:def:200378
Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority issued HTTPS certificates with weak keys. This update renders any HTTPS ... oval:org.secpod.oval:def:201434 Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. This erratum blacklists a small number of HTTPS certificates by adding them, flagged as untrusted, to the NSS Builtin Object Token certificate store. Note: This ... oval:org.secpod.oval:def:201658 Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. This erratum blacklists a small number of HTTPS certificates by adding them, flagged as untrusted, to the NSS Builtin Object Token certificate store. Note: This ... oval:org.secpod.oval:def:200429 Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority issued HTTPS certificates with weak keys. This update renders any HTTPS ... oval:org.secpod.oval:def:501169 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. It was found that a subordinate Certificate Authority mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle atta ... oval:org.secpod.oval:def:500032 Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. This erratum blacklists a small number of HTTPS certificates by adding them, flagged as untrusted, to the NSS Builtin Object Token certificate store. Note: This ... oval:org.secpod.oval:def:500167 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority issued ... oval:org.secpod.oval:def:500961 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority mis-is ... oval:org.secpod.oval:def:118160 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:118172 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:116644 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:118174 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:1601221 It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority issued HTTPS certificates with weak keys. This update renders any HTTPS certificates signed by that CA as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signing. Note: Dig ... oval:org.secpod.oval:def:1601348 It was found that a Certificate Authority issued a subordinate CA certificate to its customer, that could be used to issue certificates for any name. This update renders the subordinate CA certificate as untrusted. oval:org.secpod.oval:def:1503245 Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Description Network Security Services is a set of libraries designed to support the development ... oval:org.secpod.oval:def:1503329 Updated nss and nspr packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Description Network Security Services is a set of libraries designed to support the cro ... oval:org.secpod.oval:def:1503179 Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact. Description Network Security Services is a set of libraries designed to support the development ... oval:org.secpod.oval:def:500228 Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. It was found that the Malaysia-based Digicert Sdn. Bhd. subordinate Certificate Authority issued HTTPS certificates with weak keys. This update renders any HTTPS ... oval:org.secpod.oval:def:500959 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority mis-is ... oval:org.secpod.oval:def:1503888 Updated nss, nss-util, and nspr packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Description Network Security Services is a ... oval:org.secpod.oval:def:501462 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. This update adds support for the TLS Fallback Sig ... oval:org.secpod.oval:def:500819 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority issued ... oval:org.secpod.oval:def:116717 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:500426 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:201834 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:201771 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with th ... oval:org.secpod.oval:def:201906 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. Several flaws were found in the processing of ma ... oval:org.secpod.oval:def:500292 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. Several flaws were found in the processing of ma ... oval:org.secpod.oval:def:201780 Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. Several flaws were found in the processing of ma ... oval:org.secpod.oval:def:1601324 A flaw was found in the way the ASN.1 decoder in NSS handled zero length items. This flaw could cause the decoder to incorrectly skip or replace certain items with a default value, or could cause an application to crash if, for example, it received a specially-crafted OCSP response oval:org.secpod.oval:def:1600940 A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack. oval:org.secpod.oval:def:121888 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:109676 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:109691 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:109928 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:117991 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:66507 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate For more details about the ... oval:org.secpod.oval:def:203070 nss is installed oval:org.secpod.oval:def:202542 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority mis-is ... oval:org.secpod.oval:def:1600181 It was found that a subordinate Certificate Authority mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle attacks. This update renders that particular intermediate certificate as untrusted. oval:org.secpod.oval:def:1500343 Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Network Security Services is a set of libraries designed to support the cross-platform development of ... oval:org.secpod.oval:def:203509 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. This update adds support for the TLS Fallback Sig ... oval:org.secpod.oval:def:117274 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:117730 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:204877 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello For more details about the security issue, including ... oval:org.secpod.oval:def:1500836 Updated nss, nss-util, and nss-softokn packages that contain a patch to mitigate the CVE-2014-3566 issue, fix a number of bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. ... oval:org.secpod.oval:def:202396 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way the ASN.1 decoder in ... oval:org.secpod.oval:def:203005 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. It was found that a subordinate Certificate Authority mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle atta ... oval:org.secpod.oval:def:204564 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious cl ... oval:org.secpod.oval:def:1500803 Updated nss, nss-util, and nss-softokn packages that contain a patch to mitigate the CVE-2014-3566 issue, fix a number of bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. ... oval:org.secpod.oval:def:1600230 It was found that a Certificate Authority mis-issued two intermediate certificates to customers. These certificates could be used to launch man-in-the-middle attacks. This update renders those certificates as untrusted. This covers all uses of the certificates, including SSL, S/MIME, and code signi ... oval:org.secpod.oval:def:117699 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:117334 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:1500038 Updated nss, nss-util, and nspr packages that fix one security issue,various bugs, and add enhancements are now available for Red HatEnterprise Linux 6.The Red Hat Security Response Team has rated this update as havingimportant security impact. Network Security Services is a set of libraries design ... oval:org.secpod.oval:def:66565 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a la ... oval:org.secpod.oval:def:121871 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:204510 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a se ... oval:org.secpod.oval:def:500319 Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. A flaw was found in the way NSS matched SSL certificates when the certificates had a Common Name containing a wildcard and a partial IP address. NSS incorrectly ac ... oval:org.secpod.oval:def:1503557 Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the ... oval:org.secpod.oval:def:118618 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:118591 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:503837 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a la ... oval:org.secpod.oval:def:116060 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:202538 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority mis-is ... oval:org.secpod.oval:def:202397 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way the ASN.1 decoder in ... oval:org.secpod.oval:def:202369 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was found that a Certificate Authority issued ... oval:org.secpod.oval:def:203007 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. It was found that a subordinate Certificate Authority mis-issued an intermediate certificate, which could be used to conduct man-in-the-middle atta ... oval:org.secpod.oval:def:203504 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. This update adds support for the TLS Fallback Sig ... oval:org.secpod.oval:def:204511 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a se ... oval:org.secpod.oval:def:204562 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious cl ... oval:org.secpod.oval:def:204887 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello For more details about the security issue, including ... oval:org.secpod.oval:def:506032 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * nss: TLS 1.3 CCS flood remote DoS Attack For more details about the security issue, including the impact, a CVSS score, acknowledgm ... oval:org.secpod.oval:def:200347 Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. Several flaws were found in the way malformed ... oval:org.secpod.oval:def:500611 Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. Several flaws were found in the way malformed ... oval:org.secpod.oval:def:200634 Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. Several flaws were found in the way malformed ... oval:org.secpod.oval:def:119058 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:4500055 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a la ... oval:org.secpod.oval:def:2500469 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. oval:org.secpod.oval:def:1504857 [3.53.1-7] - Fix HSM load failure because of CKO_Profile - Allow builds with strict-proto [3.53.1-6] - Update to CVE 2020-256423 TLS flood DOS attack patch. [3.53.1-5] - Fix CVE 2020-256423 TLS flood DOS Attack. [3.53.1-4] - Fix deadlock issue - Fix 3 FTBS issues, 2 expired certs, one semantic chang ... oval:org.secpod.oval:def:500847 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way the ASN.1 decoder in ... oval:org.secpod.oval:def:500848 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way the ASN.1 decoder in ... oval:org.secpod.oval:def:1503777 Updated nss, nss-util, and nspr packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base ... oval:org.secpod.oval:def:501086 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was discovered that NSS leaked timing informat ... oval:org.secpod.oval:def:1500200 Updated nss and nspr packages that fix two security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System base scores, which give d ... oval:org.secpod.oval:def:202908 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. nss-softokn provides an NSS softoken cryptographi ... oval:org.secpod.oval:def:202910 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. It was discovered that NSS leaked timing informat ... oval:org.secpod.oval:def:501074 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. nss-softokn provides an NSS softoken cryptographi ... oval:org.secpod.oval:def:1500049 Updated nss and nspr packages that fix one security issue, various bugs,and add enhancements are now available for Red Hat Enterprise Linux 5.The Red Hat Security Response Team has rated this update as havingimportant security impact. Network Security Services is a set of libraries designed to supp ... oval:org.secpod.oval:def:1500241 Updated nss, nss-util, nss-softokn, and nspr packages that fix two security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System b ... oval:org.secpod.oval:def:1600263 It was discovered that NSS leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL or DTLS server as a padding orac ... oval:org.secpod.oval:def:1600038 A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining mode. This flaw allows a man-in-the-middle attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim applic ... oval:org.secpod.oval:def:203508 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. This update adds support for the TLS Fallback Sig ... oval:org.secpod.oval:def:1500348 Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Network Security Services is a set of libraries designed to support the cross-platform development of ... oval:org.secpod.oval:def:1600172 A flaw was found in the way NSS parsed ASN.1 input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. oval:org.secpod.oval:def:108209 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:203440 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 inp ... oval:org.secpod.oval:def:203449 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 inp ... oval:org.secpod.oval:def:203439 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 inp ... oval:org.secpod.oval:def:1500735 Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fro ... oval:org.secpod.oval:def:1500738 Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fro ... oval:org.secpod.oval:def:1500862 Updated nss, nss-util, and nss-softokn packages that contain a patch to mitigate the CVE-2014-3566 issue, fix a number of bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. ... oval:org.secpod.oval:def:1500740 Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fro ... oval:org.secpod.oval:def:501393 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 inp ... oval:org.secpod.oval:def:501397 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 inp ... oval:org.secpod.oval:def:501637 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. It was found that NSS permitted skipping of the ServerKeyExchange packet during a handshake involving ECDHE . A remote attacker could use this flaw to b ... oval:org.secpod.oval:def:203697 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. It was found that NSS permitted skipping of the ServerKeyExchange packet during a handshake involving ECDHE . A remote attacker could use this flaw to b ... oval:org.secpod.oval:def:204487 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. The following packages have been upgraded to a newer ... oval:org.secpod.oval:def:204486 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. The following packages have been upgraded to a newer ... oval:org.secpod.oval:def:1501118 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. It was found that NSS permitted skipping of the ServerKeyExchange packet during a handshake involving ECDHE . A remote attacker could use this flaw to b ... oval:org.secpod.oval:def:1600720 Null pointer dereference when handling empty SSLv2 messages:A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a server application compiled against the NSS library oval:org.secpod.oval:def:1501849 An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an appl ... oval:org.secpod.oval:def:502025 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. The following packages have been upgraded to a newer ... oval:org.secpod.oval:def:502146 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious cl ... oval:org.secpod.oval:def:502043 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a se ... oval:org.secpod.oval:def:502044 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * A null pointer dereference flaw was found in the way NSS handled empty SSLv2 messages. An attacker could use this flaw to crash a se ... oval:org.secpod.oval:def:1501884 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501888 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1600790 Potential use-after-free in TLS 1.2 server when verifying client authentication:A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, poten ... oval:org.secpod.oval:def:1502006 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1600696 An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an appl ... oval:org.secpod.oval:def:1502016 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501841 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501842 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:115114 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:502370 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello For more details about the security issue, including ... oval:org.secpod.oval:def:1700087 A flaw was found in the way NSS responded to an SSLv2-compatible ClientHello with a ServerHello that had an all-zero random. A man-in-the-middle attacker could use this flaw in a passive replay attack. oval:org.secpod.oval:def:115618 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:115609 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:115073 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:502363 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello For more details about the security issue, including ... oval:org.secpod.oval:def:1502322 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:115946 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:205274 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a la ... oval:org.secpod.oval:def:503254 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a la ... oval:org.secpod.oval:def:69589 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * nss: Side channel attack on ECDSA signature generation * nss: P-384 and P-521 implementation uses a side-channel vulnerable modular ... oval:org.secpod.oval:def:4501379 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * nss: Side channel attack on ECDSA signature generation * nss: P-384 and P-521 implementation uses a side-channel vulnerable modular ... oval:org.secpod.oval:def:1504641 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:2500498 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. oval:org.secpod.oval:def:126913 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:126911 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:203765 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A use-after-poison flaw and a heap-based buffer overf ... oval:org.secpod.oval:def:203763 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A use-after-poison flaw and a heap-based buffer overf ... oval:org.secpod.oval:def:203889 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. Netscape Portable Runtime provides platform independ ... oval:org.secpod.oval:def:1600396 A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to imp ... oval:org.secpod.oval:def:204043 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. The following packages have been upgraded to a newer ... oval:org.secpod.oval:def:203757 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A use-after-poison flaw and a heap-based buffer overf ... oval:org.secpod.oval:def:1501669 It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. oval:org.secpod.oval:def:1501309 A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to imp ... oval:org.secpod.oval:def:501780 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially cr ... oval:org.secpod.oval:def:1501672 It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. oval:org.secpod.oval:def:204039 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. The following packages have been upgraded to a newer ... oval:org.secpod.oval:def:1501670 It was found that Diffie Hellman Client key exchange handling in NSS was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. oval:org.secpod.oval:def:1501438 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS verified certain ECDSA signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery ... oval:org.secpod.oval:def:1200002 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A use-after-poison flaw and a heap-based buffer overf ... oval:org.secpod.oval:def:501671 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A use-after-poison flaw and a heap-based buffer overf ... oval:org.secpod.oval:def:501672 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A use-after-poison flaw and a heap-based buffer overf ... oval:org.secpod.oval:def:1501440 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS verified certain ECDSA signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery ... oval:org.secpod.oval:def:203858 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially cr ... oval:org.secpod.oval:def:1501206 Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. oval:org.secpod.oval:def:1600405 A use-after-free flaw was found in the way NSS handled DHE and ECDHE handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute ar ... oval:org.secpod.oval:def:1501297 A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS handshake. A man-in-the-middle attacker able to force a TLS connection to use the MD5 hash function could use this flaw to conduct collision attacks to imp ... oval:org.secpod.oval:def:501746 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS han ... oval:org.secpod.oval:def:203919 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. Netscape Portable Runtime provides platform independ ... oval:org.secpod.oval:def:203918 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a ne ... oval:org.secpod.oval:def:501801 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. Netscape Portable Runtime provides platform independ ... oval:org.secpod.oval:def:203807 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS han ... oval:org.secpod.oval:def:501811 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a ne ... oval:org.secpod.oval:def:501810 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. Netscape Portable Runtime provides platform independ ... oval:org.secpod.oval:def:1501387 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially cra ... oval:org.secpod.oval:def:501936 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. The following packages have been upgraded to a newer ... oval:org.secpod.oval:def:1600481 CVE-2016-2834 nss: Multiple security flaws multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the ... oval:org.secpod.oval:def:1501212 Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. oval:org.secpod.oval:def:1501216 Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. oval:org.secpod.oval:def:204123 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. The following packages have been upgraded to a newer ... oval:org.secpod.oval:def:203813 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS 1.2 could use the MD5 hash function for signing ServerKeyExchange and Client Authentication packets during a TLS han ... oval:org.secpod.oval:def:97712 [CLSA-2023:1676979221] Update of nss oval:org.secpod.oval:def:97722 [CLSA-2023:1681327540] nss: Fix of CVE-2023-0767 oval:org.secpod.oval:def:97739 [CLSA-2023:1691073928] Update of nss oval:org.secpod.oval:def:1505452 [3.44.0-7.0.2] - Fix CVE-2021-43527 [Orabug: 33627334] oval:org.secpod.oval:def:1505338 [3.67.0-4] - fix CVE-2021-43527 oval:org.secpod.oval:def:1505337 [3.67.0-7] - Fix CVE 2021 43527 oval:org.secpod.oval:def:205922 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * nss: Memory corruption in decodeECorDsaSignature with DSA signatures For more details about the security issue, including the impa ... oval:org.secpod.oval:def:97589 [CLSA-2021:1640002354] Fixed CVE-2021-43527 in nss oval:org.secpod.oval:def:2500325 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. oval:org.secpod.oval:def:4500080 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page ... oval:org.secpod.oval:def:19500079 NSS up to and including 3.73 is vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using NSS for certificate validation or other TL ... oval:org.secpod.oval:def:109112 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:109101 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:1501051 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use this flaw to force the us ... oval:org.secpod.oval:def:1200046 A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use this flaw to force the use of weak 512 bit export-grade keys during the key exchange, allowing them do decrypt all traffic. Please note that this update forces the TLS/SSL c ... oval:org.secpod.oval:def:203652 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use this flaw to force the us ... oval:org.secpod.oval:def:203650 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use this flaw to force the us ... oval:org.secpod.oval:def:109185 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:1501047 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use this flaw to force the us ... oval:org.secpod.oval:def:501584 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way the TLS protocol composes the Diffie-Hellman key exchange. A man-in-the-middle attacker could use this flaw to force the us ... oval:org.secpod.oval:def:1500326 Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores ... oval:org.secpod.oval:def:1500329 Updated nss, nspr, and nss-util packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System base scores, which give detailed severity ra ... oval:org.secpod.oval:def:501160 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled invalid h ... oval:org.secpod.oval:def:106280 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:1600306 A flaw was found in the way NSS handled invalid handshake packets. A remote attacker could use this flaw to cause a TLS/SSL client using NSS to crash or, possibly, execute arbitrary code with the privileges of the user running the application. It was found that the fix for CVE-2013-1620 introduced a ... oval:org.secpod.oval:def:106155 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:501156 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled invalid h ... oval:org.secpod.oval:def:106233 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:202994 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled invalid h ... oval:org.secpod.oval:def:202981 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS handled invalid h ... oval:org.secpod.oval:def:1500683 It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. oval:org.secpod.oval:def:1300309 A vulnerability has been discovered and corrected in nspr: Mozilla Netscape Portable Runtime before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service via vectors involving the sprintf and console functions . The updated nspr packages have been upgraded to the 4. ... oval:org.secpod.oval:def:203447 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information fr ... oval:org.secpod.oval:def:1500643 Updated nss and nspr packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 7. The Red Hat Security Response Team has rated this update as having Critical security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is ... oval:org.secpod.oval:def:106374 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:1500654 Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Critical security impact. Common Vulnerability Scoring System base scores, ... oval:org.secpod.oval:def:106272 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:203362 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verifie ... oval:org.secpod.oval:def:501366 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv3, TLS, and other security standards. It was found that the implementation of Internationalizing Domain ... oval:org.secpod.oval:def:1500723 Updated nss and nspr packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System base scores, which giv ... oval:org.secpod.oval:def:501378 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified ... oval:org.secpod.oval:def:501382 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information fr ... oval:org.secpod.oval:def:107568 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stand ... oval:org.secpod.oval:def:1300291 A vulnerability has been found and corrected in mozilla NSS: In a wildcard certificate, the wildcard character should not be embedded within the U-label of an internationalized domain name. See the last bullet point in RFC 6125, Section 7.2 . The updated packages have been upgraded to the latest NSP ... oval:org.secpod.oval:def:1500633 A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. oval:org.secpod.oval:def:203397 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv3, TLS, and other security standards. It was found that the implementation of Internationalizing Domain ... oval:org.secpod.oval:def:107659 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stand ... oval:org.secpod.oval:def:1600147 Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain ... oval:org.secpod.oval:def:501345 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verifie ... oval:org.secpod.oval:def:501346 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verifie ... oval:org.secpod.oval:def:203373 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verifie ... oval:org.secpod.oval:def:203374 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verifie ... oval:org.secpod.oval:def:108293 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS #5, PKCS #7, PKCS #11, PKCS #12, S/MIME, X.509 v3 certificates, and other security stan ... oval:org.secpod.oval:def:500498 Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing, calendar time, basic memory management , and shared library linking. Network Security Services i ... oval:org.secpod.oval:def:500332 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards. Netscape Portable Runtime provides platform independence f ... oval:org.secpod.oval:def:201931 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards. Netscape Portable Runtime provides platform independence f ... oval:org.secpod.oval:def:201732 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv2, SSLv3, TLS, and other security standards. Netscape Portable Runtime provides platform independence f ... oval:org.secpod.oval:def:509031 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: nss: vulnerable to Minerva side-channel information leak For more details about the security issue, including the impact, a CVSS scor ... oval:org.secpod.oval:def:509071 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: nss: vulnerable to Minerva side-channel information leak For more details about the security issue, including the impact, a CVSS scor ... oval:org.secpod.oval:def:206020 Security Fix: nss: Arbitrary memory write via PKCS 12 For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. oval:org.secpod.oval:def:507584 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * nss: Arbitrary memory write via PKCS 12 For more details about the security issue, including the impact, a CVSS score, acknowledgme ... oval:org.secpod.oval:def:507583 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * nss: Arbitrary memory write via PKCS 12 Bug Fix: * In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output s ... oval:org.secpod.oval:def:19500043 firefox-esr , thunderbird and nss only are affected by this package oval:org.secpod.oval:def:1701232 firefox-esr , thunderbird and nss only are affected by this package oval:org.secpod.oval:def:507573 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * nss: Arbitrary memory write via PKCS 12 For more details about the security issue, including the impact, a CVSS score, acknowledgme ... oval:org.secpod.oval:def:507575 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: * nss: Arbitrary memory write via PKCS 12 For more details about the security issue, including the impact, a CVSS score, acknowledgme ... oval:org.secpod.oval:def:19500577 It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens befor ... oval:org.secpod.oval:def:509106 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: nss: timing attack against RSA decryption For more details about the security issue, including the impact, a CVSS score, acknowledgme ... oval:org.secpod.oval:def:19500595 A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a pa ... oval:org.secpod.oval:def:1702088 A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a pa ... oval:org.secpod.oval:def:1504933 [2.28-151.0.1.el8_4] - merge RH patches for ol8-u4 release Review-exception: Patch merge - Provide glibc.pthread.mutex_spin_count tunable for pthread adaptive - spin mutex Orabug: 27982358. Reviewed-by: Qing Zhao - add Ampere emag to tunable cpu list - add optimized memset for emag - add an ASIMD v ... oval:org.secpod.oval:def:1504976 [2.28-151.0.1.el8_4] - merge RH patches for ol8-u4 release Review-exception: Patch merge - Provide glibc.pthread.mutex_spin_count tunable for pthread adaptive - spin mutex Orabug: 27982358. Reviewed-by: Qing Zhao - add Ampere emag to tunable cpu list - add optimized memset for emag - add an ASIMD v ... oval:org.secpod.oval:def:1503056 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:503466 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. The nss-util packages provide utilities for use with t ... oval:org.secpod.oval:def:1700297 A heap-based buffer overflow was found in the NSC_EncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application . While the attack complexity is high, the imp ... oval:org.secpod.oval:def:36844 The host is installed with OpenSSL or NSS and is prone to a birthday attack vulnerability. A flaw is present in 3DES cipher as used in TLS protocol, which fails to renegotiate running connections. Successful exploitation could allow attackers to recover partial plaintext information. |
