Lucene search
K

8 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:40 a.m.3 views

SUSE CVE-2013-1620

The TLS implementation in Mozilla Network Security Services NSS does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attac...

4.3CVSS8.9AI score0.03723EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2019/12/10 4:38 p.m.6 views

nss: Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate

A heap-based buffer overflow was found in the NSCEncryptUpdate function in Mozilla nss. A remote attacker could trigger this flaw via SRTP encrypt or decrypt operations, to execute arbitrary code with the permissions of the user running the application compiled with nss. While the attack complexi...

8.8CVSS7.2AI score0.02994EPSS
Exploits0References6
CNVD
CNVD
added 2018/09/07 12:0 a.m.1 views

Mozilla Network Security Service Information Disclosure Vulnerability

Mozilla Network Security Services NSS is the United States Mozilla Foundation developed a library network security services library, it can provide cross-platform support for SSL, S/MIME and other Internet security standards. An information disclosure vulnerability exists in Mozilla NSS versions...

5.9CVSS5.7AI score0.01496EPSS
Exploits0References1
OSV
OSV
added 2015/11/04 12:0 a.m.4 views

UBUNTU-CVE-2015-7182

Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services NSS before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service application crash or possibly...

9.8CVSS7.9AI score0.10238EPSS
Exploits0References6
OSV
OSV
added 2014/01/18 10:55 p.m.1 views

DEBIAN-CVE-2013-1740

The sslDo1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services NSS before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic...

5.8CVSS6.6AI score0.01929EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2013/12/05 4:11 p.m.6 views

nss: Integer truncation in certificate parsing (MFSA 2013-103)

Integer overflow in Mozilla Network Security Services NSS 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value...

7.5CVSS6.6AI score0.03893EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2012/06/16 9:55 p.m.4 views

CVE-2011-5094

Mozilla Network Security Services NSS 3.x, with certain settings of the SSLENABLERENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service CPU consumption by...

5CVSS5.6AI score0.67703EPSS
Exploits1References11
RedHat Linux
RedHat Linux
added 2009/08/12 2:31 p.m.4 views

firefox/nss: doesn't handle NULL in Common Name properly

Mozilla Network Security Services NSS before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to...

6.8CVSS7AI score0.05741EPSS
Exploits4References4
Rows per page
Query Builder