what you don't know can hurt you
Showing 1 - 12 of 12 RSS Feed

CVE-2014-1544

Status Candidate

Overview

Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.

Related Files

Mandriva Linux Security Advisory 2015-059
Posted Mar 16, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-059 - Multiple vulnerabilities has been found and corrected in the Mozilla NSS and NSPR packages. The updated packages provides a solution for these security issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2014-1492, CVE-2014-1544, CVE-2014-1545, CVE-2014-1568, CVE-2014-1569
MD5 | 2c77270c2fd4ff12cd5ee2996304f911
Debian Security Advisory 3071-1
Posted Nov 12, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3071-1 - In nss, a set of libraries designed to support cross-platform development of security-enabled client and server applications, Tyson Smith and Jesse Schwartzentruber discovered a use-after-free vulnerability that allows remote attackers to execute arbitrary code by triggering the improper removal of an NSSCertificate structure from a trust domain.

tags | advisory, remote, arbitrary
systems | linux, debian
advisories | CVE-2014-1544
MD5 | 32756b0750a241d599b3629ec0c91486
Ubuntu Security Notice USN-2343-1
Posted Sep 11, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2343-1 - Tyson Smith and Jesse Schwartzentruber discovered that NSS contained a race condition when performing certificate validation. An attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1544
MD5 | af331b8b2758bc0c0f0ca0598dd435fe
Red Hat Security Advisory 2014-1165-01
Posted Sep 8, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-1165-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2014-1544
MD5 | 42f38bdca69917248c2579ee3032e12b
Debian Security Advisory 2996-1
Posted Aug 4, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2996-1 - Multiple security issues have been found in Icedove, Debian's version of errors and use-after-frees may lead to the execution of arbitrary code or denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2014-1544, CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557
MD5 | 87ec53175b475074dfd0da0bc661aa6e
Mandriva Linux Security Advisory 2014-139
Posted Jul 30, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-139 - Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain. The updated packages have been upgraded to the latest NSS versions which is not vulnerable to this issue.

tags | advisory, remote, arbitrary
systems | linux, mandriva
advisories | CVE-2014-1544
MD5 | 11c65906439dc440e2a153e689daa5bd
Debian Security Advisory 2986-1
Posted Jul 24, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2986-1 - Multiple security issues have been found in Iceweasel, Debian's version use-after-frees may lead to the execution of arbitrary code or denial of service.

tags | advisory, denial of service, arbitrary
systems | linux, debian
advisories | CVE-2014-1544, CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557
MD5 | f380b7726ce9ef820860dfc549d333db
Ubuntu Security Notice USN-2296-1
Posted Jul 22, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2296-1 - Christian Holler, David Keeler and Byron Campen discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message with scripting enabled, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Atte Kettunen discovered a buffer overflow when interacting with WebAudio buffers. If a user had enabled scripting, an attacker could potentially exploit this to cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1544, CVE-2014-1547, CVE-2014-1549, CVE-2014-1550, CVE-2014-1552, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557, CVE-2014-1558, CVE-2014-1559, CVE-2014-1560
MD5 | b91ce0b0228e39ddfc7d8cdc86868e60
Ubuntu Security Notice USN-2295-1
Posted Jul 22, 2014
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2295-1 - Multiple memory safety issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2014-1544, CVE-2014-1547, CVE-2014-1548, CVE-2014-1549, CVE-2014-1550, CVE-2014-1552, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557, CVE-2014-1558, CVE-2014-1559, CVE-2014-1560, CVE-2014-1561
MD5 | 32b701cc036eacbc756a150c23438748
Red Hat Security Advisory 2014-0917-01
Posted Jul 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0917-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application. A flaw was found in the way TLS False Start was implemented in NSS. An attacker could use this flaw to potentially return unencrypted information from the server.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2013-1740, CVE-2014-1490, CVE-2014-1491, CVE-2014-1492, CVE-2014-1544, CVE-2014-1545
MD5 | 125563ddbb4d52dd83f64bf8258af734
Red Hat Security Advisory 2014-0915-01
Posted Jul 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0915-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2014-1544
MD5 | 3fa6a5e508600473974feac200f6bbbe
Red Hat Security Advisory 2014-0916-01
Posted Jul 22, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0916-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A race condition was found in the way NSS verified certain certificates. A remote attacker could use this flaw to crash an application using NSS or, possibly, execute arbitrary code with the privileges of the user running that application.

tags | advisory, remote, arbitrary
systems | linux, redhat
advisories | CVE-2014-1544
MD5 | c8fdd0fb314749eab974d45d754a8e6a
Page 1 of 1
Back1Next

File Archive:

June 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    1 Files
  • 2
    Jun 2nd
    2 Files
  • 3
    Jun 3rd
    19 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    15 Files
  • 6
    Jun 6th
    12 Files
  • 7
    Jun 7th
    11 Files
  • 8
    Jun 8th
    1 Files
  • 9
    Jun 9th
    1 Files
  • 10
    Jun 10th
    15 Files
  • 11
    Jun 11th
    15 Files
  • 12
    Jun 12th
    15 Files
  • 13
    Jun 13th
    8 Files
  • 14
    Jun 14th
    16 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close