Vulnerabilities > Mozilla > Network Security Services > 3.12.7
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-22 | CVE-2019-17007 | Improper Certificate Validation vulnerability in multiple products In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service. | 7.5 |
| 2020-10-22 | CVE-2019-17006 | Improper Input Validation vulnerability in multiple products In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. | 9.8 |
| 2020-10-22 | CVE-2018-18508 | NULL Pointer Dereference vulnerability in multiple products In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service. | 6.5 |
| 2020-10-20 | CVE-2020-25648 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. | 7.5 |
| 2019-05-02 | CVE-2018-12404 | Unspecified vulnerability in Mozilla Network Security Services A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. | 5.9 |
| 2019-04-29 | CVE-2018-12384 | Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Mozilla Network Security Services When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. | 5.9 |
| 2018-07-19 | CVE-2016-9574 | Session Fixation vulnerability in Mozilla Network Security Services nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA. | 5.9 |
| 2018-06-11 | CVE-2017-5462 | Incorrect Calculation vulnerability in multiple products A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. | 5.3 |
| 2017-05-11 | CVE-2017-5461 | Out-of-bounds Write vulnerability in Mozilla Network Security Services Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations. | 9.8 |
| 2016-06-13 | CVE-2016-2834 | Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. | 8.8 |