Nss@* Security Vulnerabilities and Issues — Nss@* CVE List

Lucene search

MozillaNss*

10 matches found

CVE•added 2009/11/09 5:30 p.m.•1194 views

CVE-2009-3555

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple ...

5.8CVSS6AI score0.03226EPSS

Web

CVE•added 2021/12/08 10:15 p.m.•628 views

CVE-2021-43527

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using N...

9.8CVSS9.6AI score0.05243EPSS

CVE•added 2020/10/22 9:15 p.m.•470 views

CVE-2019-17006

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.

10CVSS9.4AI score0.00454EPSS

CVE•added 2021/05/27 7:15 p.m.•319 views

CVE-2020-12403

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length....

9.1CVSS8.8AI score0.00191EPSS

CVE•added 2023/12/12 5:15 p.m.•245 views

CVE-2023-4421

The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected ciphert...

6.5CVSS6.2AI score0.0022EPSS

CVE•added 2020/10/22 9:15 p.m.•213 views

CVE-2018-18508

In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.

6.5CVSS6.3AI score0.00315EPSS

CVE•added 2020/10/22 9:15 p.m.•201 views

CVE-2019-17007

In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.

7.5CVSS7.2AI score0.00276EPSS

CVE•added 2016/01/31 6:59 p.m.•150 views

CVE-2016-1938

The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div...

6.5CVSS7.6AI score0.01048EPSS

CVE•added 2019/11/15 4:15 p.m.•135 views

CVE-2016-5285

A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.

7.5CVSS7.2AI score0.00646EPSS

CVE•added 2018/08/01 1:29 p.m.•111 views

CVE-2016-8635

It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.

5.9CVSS6.3AI score0.00443EPSS