Vulnerabilities > Mozilla > NSS > 3.12.3.2

DATE CVE VULNERABILITY TITLE RISK
2021-12-08 CVE-2021-43527 Out-of-bounds Write vulnerability in multiple products
NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures.
network
low complexity
mozilla netapp oracle starwindsoftware CWE-787
critical
9.8
2021-05-27 CVE-2020-12403 Out-of-bounds Read vulnerability in Mozilla NSS
A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55.
network
low complexity
mozilla CWE-125
critical
9.1
2019-11-15 CVE-2016-5285 NULL Pointer Dereference vulnerability in multiple products
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.
network
low complexity
mozilla debian redhat suse avaya CWE-476
5.0
2016-01-31 CVE-2016-1938 Cryptographic Issues vulnerability in multiple products
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
network
low complexity
opensuse mozilla CWE-310
6.4