Vulnerabilities > Mozilla > Network Security Services > 3.41

DATE CVE VULNERABILITY TITLE RISK
2020-10-22 CVE-2019-17007 Improper Certificate Validation vulnerability in multiple products
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.
network
low complexity
mozilla siemens CWE-295
7.5
2020-10-22 CVE-2019-17006 Improper Input Validation vulnerability in multiple products
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks.
network
low complexity
siemens mozilla netapp CWE-20
critical
9.8
2020-10-22 CVE-2018-18508 NULL Pointer Dereference vulnerability in multiple products
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.
network
low complexity
mozilla siemens CWE-476
6.5
2020-10-20 CVE-2020-25648 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3.
network
low complexity
mozilla redhat fedoraproject oracle CWE-770
7.5