Mozilla

Network Security Services

50 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2022-3479

  • EPSS 0.2%
  • Veröffentlicht 14.10.2022 17:15:15
  • Zuletzt bearbeitet 21.11.2024 07:19:37

A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash.

7.5

CVE-2019-17007

Exploit
  • EPSS 0.31%
  • Veröffentlicht 22.10.2020 21:15:12
  • Zuletzt bearbeitet 21.11.2024 04:31:31

In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.

10

CVE-2019-17006

Exploit
  • EPSS 1.46%
  • Veröffentlicht 22.10.2020 21:15:12
  • Zuletzt bearbeitet 21.11.2024 04:31:31

In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer ove...

6.5

CVE-2018-18508

  • EPSS 0.32%
  • Veröffentlicht 22.10.2020 21:15:12
  • Zuletzt bearbeitet 21.11.2024 03:56:04

In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.

7.5

CVE-2020-25648

  • EPSS 0.09%
  • Veröffentlicht 20.10.2020 22:15:43
  • Zuletzt bearbeitet 21.11.2024 05:18:20

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this ...

5.9

CVE-2018-12404

  • EPSS 19.73%
  • Veröffentlicht 02.05.2019 17:29:01
  • Zuletzt bearbeitet 21.11.2024 03:45:09

A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS ...

5.9

CVE-2018-12384

  • EPSS 1.02%
  • Veröffentlicht 29.04.2019 15:29:00
  • Zuletzt bearbeitet 21.11.2024 03:45:06

When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.3...

5.9

CVE-2016-8635

  • EPSS 0.44%
  • Veröffentlicht 01.08.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 02:59:43

It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired g...

5.9

CVE-2016-9574

Exploit
  • EPSS 0.18%
  • Veröffentlicht 19.07.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:01:25

nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.

5.3

CVE-2017-5462

  • EPSS 1.07%
  • Veröffentlicht 11.06.2018 21:29:07
  • Zuletzt bearbeitet 25.11.2025 17:50:16

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been ...