Debian Nss vulnerabilities

CVE-2014-3566 [LOW] CVE-2014-3566: bouncycastle - The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses... The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2013-5605 [HIGH] CVE-2013-5605: nss - Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.... Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets. Scope: local bookworm: resolved (fixed in 2:3.15.3-1) bullseye: resolved (fixed in 2:3.15.3-1) forky: resolved (fixed in 2:3.15.3-1) sid: resolved (fixed in 2:3.15.3-

CVE-2013-1741 [HIGH] CVE-2013-1741: nss - Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 a... Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. Scope: local bookworm: resolved (fixed in 2:3.15.3-1) bullseye: resolved (fixed in 2:3.15.3-1) forky: resolved (fixed in 2:3.15.3-1) sid: resolved (fixed in 2:3.15.3-1) trixie:

CVE-2013-5606 [MEDIUM] CVE-2013-5606: nss - The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Securi... The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate. Scope: local bookworm: resolved (f

CVE-2013-1739 [MEDIUM] CVE-2013-1739: nss - Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data ... Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure. Scope: local bookworm: resolved (fixed in 2:3.15.2-1) bullseye: resolved (fixed in 2:3.15.2-1

CVE-2013-1740 [MEDIUM] CVE-2013-1740: nss - The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Secur... The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic. Scope: local bookworm: resolved (fixed in 2:3.15.4-1) bullseye: resolved (fixed in

CVE-2013-0169 [LOW] CVE-2013-0169: bouncycastle - The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenS... The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical anal

CVE-2013-0791 [MEDIUM] CVE-2013-0791: nss - The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), ... The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted cert

CVE-2013-1620 [LOW] CVE-2013-1620: nss - The TLS implementation in Mozilla Network Security Services (NSS) does not prope... The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related is

CVE-2012-0441 [MEDIUM] CVE-2012-0441: nss - The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (... The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrat

CVE-2011-3389 [MEDIUM] CVE-2011-3389: asterisk - The SSL protocol, as used in certain configurations in Microsoft Windows and Mic... The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS s

CVE-2011-3640 [HIGH] CVE-2011-3640: nss - Untrusted search path vulnerability in Mozilla Network Security Services (NSS), ... Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug." Scope: local bookworm: resolved

CVE-2010-3173 [HIGH] CVE-2010-3173: nss - The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11,... The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 does not properly set the minimum key length for Diffie-Hellman Ephemeral (DHE) mode, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. Scope: local boo

CVE-2010-3170 [MEDIUM] CVE-2010-3170: nss - Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 ... Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority

CVE-2009-2408 [MEDIUM] CVE-2009-2408: nss - Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Th... Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legit

CVE-2009-3555 [MEDIUM] CVE-2009-3555: apache2 - The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Micr... The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate reneg

CVE-2009-2404 [CRITICAL] CVE-2009-2404: nss - Heap-based buffer overflow in a regular-expression parser in Mozilla Network Sec... Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common N

CVE-2009-2409 [MEDIUM] CVE-2009-2409: nss - The Network Security Services (NSS) library before 3.12.3, as used in Firefox; G... The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is