Twenty Year Anniversary
Showing 1 - 10 of 10 RSS Feed

CVE-2017-5461

Status Candidate

Overview

Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.

Related Files

Gentoo Linux Security Advisory 201802-03
Posted Feb 20, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201802-3 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code. Versions less than 52.6.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2016-10195, CVE-2016-10196, CVE-2016-10197, CVE-2016-6354, CVE-2017-5429, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5462, CVE-2017-5464, CVE-2017-5465
MD5 | 342c99b34da6a302b3f5a3b2469de9ea
Ubuntu Security Notice USN-3278-1
Posted May 17, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3278-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to spoof the addressbar contents, conduct cross-site scripting attacks, cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, spoof, xss
systems | linux, ubuntu
advisories | CVE-2017-10195, CVE-2017-10196, CVE-2017-10197, CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5462
MD5 | 8faf6b63b60624f8de39dda54f18f77e
Ubuntu Security Notice USN-3260-2
Posted May 11, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3260-2 - USN-3260-1 fixed vulnerabilities in Firefox. The update caused the date picker panel and form validation errors to close immediately on opening. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, spoof the addressbar contents or other UI elements, escape the sandbox to read local files, conduct cross-site scripting attacks, cause a denial of service via application crash, or execute arbitrary code. A flaw was discovered in the DRBG number generation in NSS. If an attacker were able to perform a man-in-the-middle attack, this flaw could potentially be exploited to view sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, spoof, vulnerability, xss
systems | linux, ubuntu
advisories | CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5453, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5458, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5462, CVE-2017-5464
MD5 | 11ab081ff6232e2a33a57cb2bad556f1
Gentoo Linux Security Advisory 201705-04
Posted May 8, 2017
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201705-4 - Multiple vulnerabilities have been found in NSS, the worst of which may allow execution of arbitrary code. Versions less than 3.29.5 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-5461, CVE-2017-5462
MD5 | d021eeab99ff8ed32b762f2598987515
Ubuntu Security Notice USN-3270-1
Posted Apr 27, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3270-1 - Karthik Bhargavan and Gaetan Leurent discovered that the DES and Triple DES ciphers were vulnerable to birthday attacks. A remote attacker could possibly use this flaw to obtain clear text data from long encrypted sessions. This update causes NSS to limit use of the same symmetric key. It was discovered that NSS incorrectly handled Base64 decoding. A remote attacker could use this flaw to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-2183, CVE-2017-5461
MD5 | c8e97563f6a755db5f133a0d95df860c
Debian Security Advisory 3831-1
Posted Apr 20, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3831-1 - Multiple security issues have been found in the Mozilla Firefox web overflows and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service.

tags | advisory, web, denial of service, overflow, arbitrary, info disclosure
systems | linux, debian
advisories | CVE-2017-5429, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5462, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469
MD5 | e8e4d6d84d9ead16c475d109c46cf94a
Red Hat Security Advisory 2017-1103-01
Posted Apr 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1103-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2017-5461
MD5 | b6f69ed4eecd4dfe84f0bfbb69295cf7
Red Hat Security Advisory 2017-1102-01
Posted Apr 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1102-01 - The nss-util packages provide utilities for use with the Network Security Services libraries. Security Fix: An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2017-5461
MD5 | b47daff0d9117701e6eeb7115d2b0967
Red Hat Security Advisory 2017-1101-01
Posted Apr 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1101-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. Security Fix: An out-of-bounds write flaw was found in the way NSS performed certain Base64-decoding operations. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.

tags | advisory, arbitrary
systems | linux, redhat
advisories | CVE-2017-5461
MD5 | dbfff630772fa1291b105e6b0d746891
Red Hat Security Advisory 2017-1100-01
Posted Apr 20, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1100-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util packages provide utilities for use with the Network Security Services libraries. The following packages have been upgraded to a newer upstream version: nss, nss-util. Multiple security issues have been addressed.

tags | advisory
systems | linux, redhat
advisories | CVE-2017-5461
MD5 | b22531328401a1a5172c9103b1791b28
Page 1 of 1
Back1Next

File Archive:

September 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    3 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    18 Files
  • 6
    Sep 6th
    18 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    2 Files
  • 9
    Sep 9th
    2 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    17 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    29 Files
  • 14
    Sep 14th
    21 Files
  • 15
    Sep 15th
    3 Files
  • 16
    Sep 16th
    1 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    16 Files
  • 19
    Sep 19th
    29 Files
  • 20
    Sep 20th
    18 Files
  • 21
    Sep 21st
    5 Files
  • 22
    Sep 22nd
    2 Files
  • 23
    Sep 23rd
    2 Files
  • 24
    Sep 24th
    15 Files
  • 25
    Sep 25th
    69 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close