VYPR

rpm package

suse/mozilla-nspr&distro=SUSE Enterprise Storage 5

pkg:rpm/suse/mozilla-nspr&distro=SUSE%20Enterprise%20Storage%205

Vulnerabilities (4)

  • CVE-2019-17006Oct 22, 2020
    affected < 4.23-19.12.1fixed 4.23-19.12.1

    In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.

  • CVE-2020-12402Jul 9, 2020
    affected < 4.25-19.15.1fixed 4.25-19.15.1

    During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the rec

  • CVE-2020-12399Jul 9, 2020
    affected < 4.25-19.15.1fixed 4.25-19.15.1

    NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.

  • CVE-2019-11745Jan 8, 2020
    affected < 4.23-19.12.1fixed 4.23-19.12.1

    When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3,