Vulnerabilities > Mozilla > Network Security Services > 3.19

DATE CVE VULNERABILITY TITLE RISK
2020-10-22 CVE-2019-17007 Improper Certificate Validation vulnerability in multiple products
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.
network
low complexity
mozilla siemens CWE-295
5.0
2020-10-22 CVE-2019-17006 Insufficient Verification of Data Authenticity vulnerability in multiple products
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks.
network
low complexity
siemens mozilla netapp CWE-345
critical
10.0
2020-10-22 CVE-2018-18508 NULL Pointer Dereference vulnerability in multiple products
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.
4.3
2020-10-20 CVE-2020-25648 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3.
network
low complexity
mozilla redhat fedoraproject oracle CWE-770
7.5
2019-05-02 CVE-2018-12404 Unspecified vulnerability in Mozilla Network Security Services
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content.
network
mozilla
4.3
2019-04-29 CVE-2018-12384 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Mozilla Network Security Services
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead.
network
mozilla CWE-335
4.3
2018-07-19 CVE-2016-9574 Session Fixation vulnerability in Mozilla Network Security Services
nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.
network
high complexity
mozilla CWE-384
5.9
2018-06-11 CVE-2017-5462 Incorrect Calculation vulnerability in multiple products
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over.
network
low complexity
debian mozilla CWE-682
5.0
2017-05-11 CVE-2017-5461 Out-of-bounds Write vulnerability in Mozilla Network Security Services
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations.
network
low complexity
mozilla CWE-787
7.5
2016-06-13 CVE-2016-2834 Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
network
low complexity
canonical opensuse mozilla novell
8.8