Vulnerabilities > Mozilla > Network Security Services > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-10-22 CVE-2019-17007 Improper Certificate Validation vulnerability in multiple products
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.
network
low complexity
mozilla siemens CWE-295
5.0
2020-10-22 CVE-2018-18508 NULL Pointer Dereference vulnerability in multiple products
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.
4.3
2019-05-02 CVE-2018-12404 Unspecified vulnerability in Mozilla Network Security Services
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content.
network
mozilla
4.3
2019-04-29 CVE-2018-12384 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in Mozilla Network Security Services
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead.
network
mozilla CWE-335
4.3
2018-08-01 CVE-2016-8635 Improperly Implemented Security Check for Standard vulnerability in multiple products
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack.
network
high complexity
mozilla redhat CWE-358
5.9
2018-07-19 CVE-2016-9574 Session Fixation vulnerability in Mozilla Network Security Services
nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.
network
high complexity
mozilla CWE-384
5.9
2018-06-11 CVE-2017-5462 Incorrect Calculation vulnerability in multiple products
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over.
network
low complexity
debian mozilla CWE-682
5.3
2017-12-27 CVE-2017-11698 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Network Security Services
Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
local
low complexity
mozilla CWE-119
4.6
2017-12-27 CVE-2017-11697 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Network Security Services
The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file.
local
low complexity
mozilla CWE-119
4.6
2017-12-27 CVE-2017-11696 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Network Security Services
Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.
local
low complexity
mozilla CWE-119
4.6