what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 10 of 10 RSS Feed

CVE-2015-7181

Status Candidate

Overview

The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue.

Related Files

Debian Security Advisory 3688-1
Posted Oct 6, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3688-1 - Several vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-4000, CVE-2015-7181, CVE-2015-7182, CVE-2015-7575, CVE-2016-1938, CVE-2016-1950, CVE-2016-1978, CVE-2016-1979, CVE-2016-2834
SHA-256 | b93966cf45b459b94721e41f799657ce1d921ea91d32c39e7fe841f2d97f11e7
Debian Security Advisory 3410-1
Posted Dec 2, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3410-1 - Multiple security issues have been found in Icedove, Debian's version of integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, debian
advisories | CVE-2015-4473, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489, CVE-2015-4513, CVE-2015-7181, CVE-2015-7182, CVE-2015-7188, CVE-2015-7189, CVE-2015-7193, CVE-2015-7194, CVE-2015-7197, CVE-2015-7198, CVE-2015-7199, CVE-2015-7200
SHA-256 | c4d03a712c3b367a9fc290b0a72f11c5be169a10a74c8653d379d55399f41c23
Ubuntu Security Notice USN-2819-1
Posted Dec 1, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2819-1 - Christian Holler, David Major, Jesse Ruderman, Tyson Smith, Boris Zbarsky, Randell Jesup, Olli Pettay, Karl Tomlinson, Jeff Walden, and Gary Kwong discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Tyson Smith and David Keeler discovered a use-after-poison and buffer overflow in NSS. An attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-4513, CVE-2015-7181, CVE-2015-7182, CVE-2015-7183, CVE-2015-7188, CVE-2015-7189, CVE-2015-7193, CVE-2015-7194, CVE-2015-7197, CVE-2015-7198, CVE-2015-7199, CVE-2015-7200
SHA-256 | a311c779f9fd27a3a7bb5fd804f6f177902aee369fc6236ab5b3d629b731ef65
Red Hat Security Advisory 2015-2068-01
Posted Nov 19, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-2068-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A use-after-poison flaw and a heap-based buffer overflow flaw were found in the way NSS parsed certain ASN.1 structures. An attacker could use these flaws to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-7181, CVE-2015-7182, CVE-2015-7183
SHA-256 | fe60a25cea587409eb3e69819ff10f018734fe33d7f5c69935f661f1071aa61d
Slackware Security Advisory - mozilla-nss Updates
Posted Nov 9, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New mozilla-nss packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory
systems | linux, slackware
advisories | CVE-2015-7181, CVE-2015-7182, CVE-2015-7183
SHA-256 | 9b0befe56f80c153f34a19aac88a216bf782f29de0d132c69ac59ecc057a73b1
Debian Security Advisory 3393-1
Posted Nov 5, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3393-1 - Multiple security issues have been found in Iceweasel, Debian's version integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service.

tags | advisory, denial of service, overflow, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2015-4513, CVE-2015-7181, CVE-2015-7182, CVE-2015-7183, CVE-2015-7188, CVE-2015-7189, CVE-2015-7193, CVE-2015-7194, CVE-2015-7196, CVE-2015-7197, CVE-2015-7198, CVE-2015-7199, CVE-2015-7200
SHA-256 | 72e5c1890f7f8850f396383ff3d6fc35d3f3f513b99e26e855a9949cd694801a
Ubuntu Security Notice USN-2785-1
Posted Nov 5, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2785-1 - Christian Holler, David Major, Jesse Ruderman, Tyson Smith, Boris Zbarsky, Randell Jesup, Olli Pettay, Karl Tomlinson, Jeff Walden, Gary Kwong, Andrew McCreight, Georg Fritzsche, and Carsten Book discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-4513, CVE-2015-4514, CVE-2015-4515, CVE-2015-4518, CVE-2015-7181, CVE-2015-7182, CVE-2015-7183, CVE-2015-7187, CVE-2015-7188, CVE-2015-7189, CVE-2015-7193, CVE-2015-7194, CVE-2015-7195, CVE-2015-7196, CVE-2015-7197, CVE-2015-7198, CVE-2015-7199, CVE-2015-7200
SHA-256 | dbba07af115f849b37a270b8478366a007822e4f6fb2d26a2d111c4d90b83109
Ubuntu Security Notice USN-2791-1
Posted Nov 5, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2791-1 - Tyson Smith and David Keeler discovered that NSS incorrectly handled decoding certain ASN.1 data. An remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-7181, CVE-2015-7182
SHA-256 | 048510c419c7f8a7894fe20fe051b1e0b56ac2b48d823b93cdb831c44e100f2a
Red Hat Security Advisory 2015-1981-01
Posted Nov 4, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1981-01 - Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A use-after-poison flaw and a heap-based buffer overflow flaw were found in the way NSS parsed certain ASN.1 structures. An attacker could use these flaws to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-7181, CVE-2015-7182, CVE-2015-7183
SHA-256 | f218558d94300f2eeece5fe28759616cde41313ce2bbebe7fd77469b034c87e4
Red Hat Security Advisory 2015-1980-01
Posted Nov 4, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1980-01 - Network Security Services is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Netscape Portable Runtime provides platform independence for non-GUI operating system facilities. A use-after-poison flaw and a heap-based buffer overflow flaw were found in the way NSS parsed certain ASN.1 structures. An attacker could use these flaws to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-7181, CVE-2015-7182, CVE-2015-7183
SHA-256 | 8cfcb360352e3c75f30ec51f7bbd0be2d86035b626fb9ea84115b65545e233f8
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close