Nss Security Vulnerabilities and Issues — Nss CVE List

Lucene search

MozillaNss

10 matches found

CVE•added 2009/11/09 5:30 p.m.•1166 views

CVE-2009-3555

The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple ...

5.8CVSS6AI score0.04134EPSS

CVE•added 2021/12/08 10:15 p.m.•618 views

CVE-2021-43527

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using N...

9.8CVSS9.6AI score0.05243EPSS

CVE•added 2020/10/22 9:15 p.m.•459 views

CVE-2019-17006

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.

10CVSS9.4AI score0.00454EPSS

CVE•added 2021/05/27 7:15 p.m.•308 views

CVE-2020-12403

A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length....

9.1CVSS8.8AI score0.00191EPSS

CVE•added 2023/12/12 5:15 p.m.•242 views

CVE-2023-4421

The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected ciphert...

6.5CVSS6.2AI score0.0022EPSS

CVE•added 2020/10/22 9:15 p.m.•209 views

CVE-2018-18508

In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.

6.5CVSS6.3AI score0.00315EPSS

CVE•added 2020/10/22 9:15 p.m.•193 views

CVE-2019-17007

In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.

7.5CVSS7.2AI score0.00276EPSS

CVE•added 2019/11/15 4:15 p.m.•131 views

CVE-2016-5285

A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.

7.5CVSS7.2AI score0.00646EPSS

CVE•added 2016/01/31 6:59 p.m.•128 views

CVE-2016-1938

The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div...

6.5CVSS7.6AI score0.01048EPSS

CVE•added 2018/08/01 1:29 p.m.•106 views

CVE-2016-8635

It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.

5.9CVSS6.3AI score0.00443EPSS