6 matches found

CVE, added 2009/11/09 5:00 p.m., 1305 views

CVE-2009-3555

CVE-2009-3555 concerns a TLS/SSL renegotiation flaw where renegotiation handshakes were not properly associated with the existing connection, enabling MITM data insertion in HTTPS and other TLS/SSL sessions (Project Mogul). Connected advisories show concrete mitigations and affected software: Pou...

CVSS 9.8 | AI score 6 | EPSS 0.87264
CVE, added 2021/12/08 12:00 a.m., 662 views

CVE-2021-43527

CVE-2021-43527 describes a heap overflow in NSS when handling DER-encoded DSA or RSA-PSS signatures. The vulnerability affects NSS versions prior to 3.73 (and 3.68.1 ESR for some configurations) and can impact applications using NSS for signatures in CMS, S/MIME, PKCS#7, or PKCS#12, as well as th...

CVSS 9.8 | AI score 9.6 | EPSS 0.17563
CVE, added 2021/05/27 12:00 a.m., 341 views

CVE-2020-12403

CVE-2020-12403 affects NSS where the CHACHA20-POLY1305 implementation for multi-part ChaCha20 could trigger out-of-bounds reads in versions prior to 3.55. The fix disables multi-part ChaCha20 (which was malfunctioning) and enforces the ChaCha20-Poly1305 tag length, reducing confidentiality and av...

CVSS 9.1 | AI score 8.8 | EPSS 0.01541
CVE, added 2023/12/12 5:02 p.m., 265 views

CVE-2023-4421

CVE-2023-4421 concerns the NSS library’s handling of PKCS#1 v1.5 padding, where timing side-channel leakage exposed information about padding validity and message length. This could enable Bleichenbacher-like attacks, allowing an attacker to decrypt previously intercepted PKCS#1 v1.5 ciphertext (...

CVSS 6.5 | AI score 6.2 | EPSS 0.00628
CVE, added 2016/01/31 6:00 p.m., 189 views

CVE-2016-1938

CVE-2016-1938 affects Mozilla NSS up to version 3.21, used by Firefox prior to 44.0. The issue is in the s_mp_div function in lib/freebl/mpi/mpi.c, where numbers are divided incorrectly, potentially allowing remote attackers to defeat cryptographic protections by leveraging use of mp_div or mp_ex...

CVSS 6.5 | AI score 7.6 | EPSS 0.03121
CVE, added 2019/11/15 3:44 p.m., 161 views

CVE-2016-5285

CVE-2016-5285 is a NULL pointer dereference in Mozilla NSS caused by a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime. The vulnerability can allow a remote attacker to crash a TLS/SSL server (Denial of Service). Affected context in the provided documents includes NS...

CVSS 7.5 | AI score 7.2 | EPSS 0.02279