FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 10:45:39 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
4cb165f0-6e48-423e-8147-92255d35c0f7	NSS -- multiple vulnerabilities Mozilla Foundation reports: An out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5. A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5. Discovery 2017-03-17 Entry 2017-04-19 nss linux-f10-nss linux-c6-nss linux-c7-nss ge 3.30 lt 3.30.1 ge 3.29 lt 3.29.5 ge 3.22 lt 3.28.4 < 3.21.4 CVE-2017-5461 CVE-2017-5462 https://hg.mozilla.org/projects/nss/rev/99a86619eac9 https://hg.mozilla.org/projects/nss/rev/e126381a3c29
47695a9c-5377-11ec-8be6-d4c9ef517024	NSS -- Memory corruption The Mozilla project reports: Memory corruption in NSS via DER-encoded DSA and RSA-PSS signatures (Critical) NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. Discovery 2021-12-01 Entry 2021-12-02 nss < 3.73 CVE-2021-43527 https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/

VuXML ID

Description

4cb165f0-6e48-423e-8147-92255d35c0f7

NSS -- multiple vulnerabilities

Mozilla Foundation reports:

An out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.

Discovery 2017-03-17
Entry 2017-04-19
nss
linux-f10-nss
linux-c6-nss
linux-c7-nss

ge 3.30 lt 3.30.1

ge 3.29 lt 3.29.5

ge 3.22 lt 3.28.4

< 3.21.4

CVE-2017-5461
CVE-2017-5462
https://hg.mozilla.org/projects/nss/rev/99a86619eac9
https://hg.mozilla.org/projects/nss/rev/e126381a3c29

47695a9c-5377-11ec-8be6-d4c9ef517024

NSS -- Memory corruption

The Mozilla project reports:

Memory corruption in NSS via DER-encoded DSA and RSA-PSS signatures (Critical)

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS.

Discovery 2021-12-01
Entry 2021-12-02
nss

< 3.73

CVE-2021-43527
https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/