rpm package
suse/mozilla-nss&distro=SUSE Linux Enterprise Server for SAP Applications 12
pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
Vulnerabilities (122)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-2721 | — | < 3.19.2_CKBI_1.98-21.1 | 3.19.2_CKBI_1.98-21.1 | Jul 6, 2015 | Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-i | ||
| CVE-2015-4000 | Low | 3.7 | < 3.19.2_CKBI_1.98-21.1 | 3.19.2_CKBI_1.98-21.1 | May 21, 2015 | The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by D |
- CVE-2015-2721Jul 6, 2015affected < 3.19.2_CKBI_1.98-21.1fixed 3.19.2_CKBI_1.98-21.1
Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-i
- affected < 3.19.2_CKBI_1.98-21.1fixed 3.19.2_CKBI_1.98-21.1
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by D
Page 7 of 7