Download
| Alert*
oval:org.secpod.oval:def:501462
Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. This update adds support for the TLS Fallback Sig ... oval:org.secpod.oval:def:106726 nss-softokn is installed oval:org.secpod.oval:def:109663 Network Security Services Softoken Cryptographic Module oval:org.secpod.oval:def:109726 Network Security Services Softoken Cryptographic Module oval:org.secpod.oval:def:109952 Network Security Services Softoken Cryptographic Module oval:org.secpod.oval:def:1500836 Updated nss, nss-util, and nss-softokn packages that contain a patch to mitigate the CVE-2014-3566 issue, fix a number of bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. ... oval:org.secpod.oval:def:203509 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. This update adds support for the TLS Fallback Sig ... oval:org.secpod.oval:def:503467 The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. Security Fix: * nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate For more details about the security issue, including the impact, a CVSS score, acknow ... oval:org.secpod.oval:def:1503557 Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available from the ... oval:org.secpod.oval:def:500319 Network Security Services is a set of libraries designed to support the development of security-enabled client and server applications. A flaw was found in the way NSS matched SSL certificates when the certificates had a Common Name containing a wildcard and a partial IP address. NSS incorrectly ac ... oval:org.secpod.oval:def:112306 Network Security Services Softoken Cryptographic Module oval:org.secpod.oval:def:202908 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. nss-softokn provides an NSS softoken cryptographi ... oval:org.secpod.oval:def:1500241 Updated nss, nss-util, nss-softokn, and nspr packages that fix two security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System b ... oval:org.secpod.oval:def:501074 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. nss-softokn provides an NSS softoken cryptographi ... oval:org.secpod.oval:def:203440 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 inp ... oval:org.secpod.oval:def:1600070 A flaw was found in the way NSS parsed ASN.1 input from certain RSA signatures. A remote attacker could use this flaw to forge RSA certificates by providing a specially crafted signature to an application using NSS. oval:org.secpod.oval:def:203439 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 inp ... oval:org.secpod.oval:def:1500738 Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fro ... oval:org.secpod.oval:def:1500740 Updated nss packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available fro ... oval:org.secpod.oval:def:501393 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A flaw was found in the way NSS parsed ASN.1 inp ... oval:org.secpod.oval:def:501644 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS verified certain ECDSA signatures. Under certain conditions, an attacker could use this flaw to conduct signature forge ... oval:org.secpod.oval:def:203724 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS verified certain ECDSA signatures. Under certain conditions, an attacker could use this flaw to conduct signature forge ... oval:org.secpod.oval:def:203711 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS verified certain ECDSA signatures. Under certain conditions, an attacker could use this flaw to conduct signature forge ... oval:org.secpod.oval:def:1200171 A flaw was found in the way NSS verified certain ECDSA signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks. oval:org.secpod.oval:def:1501161 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS verified certain ECDSA signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery ... oval:org.secpod.oval:def:1501162 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS verified certain ECDSA signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery ... oval:org.secpod.oval:def:115113 Network Security Services Softoken Cryptographic Module oval:org.secpod.oval:def:115075 Network Security Services Softoken Cryptographic Module oval:org.secpod.oval:def:205344 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a la ... oval:org.secpod.oval:def:503254 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. The following packages have been upgraded to a la ... oval:org.secpod.oval:def:1600481 CVE-2016-2834 nss: Multiple security flaws multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the user running the ... oval:org.secpod.oval:def:1600405 A use-after-free flaw was found in the way NSS handled DHE and ECDHE handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause that application to crash or, under certain special conditions, execute ar ... oval:org.secpod.oval:def:501810 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. Netscape Portable Runtime provides platform independ ... oval:org.secpod.oval:def:203917 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. Netscape Portable Runtime provides platform independ ... oval:org.secpod.oval:def:1501440 Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. A flaw was found in the way NSS verified certain ECDSA signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery ... oval:org.secpod.oval:def:109164 Network Security Services Softoken Cryptographic Module oval:org.secpod.oval:def:109187 Network Security Services Softoken Cryptographic Module oval:org.secpod.oval:def:109144 Network Security Services Softoken Cryptographic Module oval:org.secpod.oval:def:106175 Network Security Services Softoken Cryptographic Module oval:org.secpod.oval:def:108300 Network Security Services Softoken Cryptographic Module oval:org.secpod.oval:def:107762 Network Security Services Softoken Cryptographic Module oval:org.secpod.oval:def:107804 Network Security Services Softoken Cryptographic Module oval:org.secpod.oval:def:501366 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv3, TLS, and other security standards. It was found that the implementation of Internationalizing Domain ... oval:org.secpod.oval:def:203401 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSLv3, TLS, and other security standards. It was found that the implementation of Internationalizing Domain ... oval:org.secpod.oval:def:1500683 It was found that the implementation of Internationalizing Domain Names in Applications (IDNA) hostname matching in NSS did not follow the RFC 6125 recommendations. This could lead to certain invalid certificates with international characters to be accepted as valid. oval:org.secpod.oval:def:106360 Network Security Services Softoken Cryptographic Module oval:org.secpod.oval:def:106277 Network Security Services Softoken Cryptographic Module oval:org.secpod.oval:def:1702127 Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox less than 121 oval:org.secpod.oval:def:1702058 It was discovered that the numerical library used in NSS for RSA cryptography leaks information whether high order bits of the RSA decryption result are zero. This information can be used to mount a Bleichenbacher or Manger like attack against all RSA decryption operations. As the leak happens befor ... oval:org.secpod.oval:def:1700291 Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR lt; 60.8, Firefox lt; 68, and Thunderbird lt; 60.8. A heap-based buffer overflow was found in the NSC_Encry ... oval:org.secpod.oval:def:503466 Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-softokn package provides the Network Security Services Softoken Cryptographic Module. The nss-util packages provide utilities for use with t ... oval:org.secpod.oval:def:1503056 The advisory is missing the security advisory description. For more information please visit the reference link |