NSS

by Mozilla Corporation

CVEs (34)

  • CVE-2009-3555 | Critical | Nov 9, 2009
    risk 0.67 | cvss 9.8 | epss 0.87

    The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4…

  • CVE-2015-7182 | Critical | Nov 5, 2015
    risk 0.65 | cvss 9.8 | epss 0.10

    Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service…

  • CVE-2017-11697 | High | Dec 27, 2017
    risk 0.51 | cvss 7.8 | epss 0.01

    The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file.

  • CVE-2017-11696 | High | Dec 27, 2017
    risk 0.51 | cvss 7.8 | epss 0.01

    Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.

  • CVE-2017-11695 | High | Dec 27, 2017
    risk 0.51 | cvss 7.8 | epss 0.01

    Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.

  • CVE-2026-6772 | High | Apr 21, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2026-4727 | High | Mar 24, 2026
    risk 0.49 | cvss 7.5 | epss 0.01

    Denial-of-service in the Libraries component in NSS. This vulnerability was fixed in Firefox 149 and Thunderbird 149.

  • CVE-2026-12318 | High | Jun 16, 2026
    risk 0.47 | cvss 7.3 | epss 0.00

    Incorrect boundary conditions in the Libraries component in NSS. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

  • CVE-2016-1938 | Medium | Jan 31, 2016
    risk 0.42 | cvss 6.5 | epss 0.03

    The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging…

  • CVE-2016-9574 | Medium | Jul 19, 2018
    risk 0.38 | cvss 5.9 | epss 0.01

    NSS before version 3.30 is vulnerable to a remote denial of service during the session handshake when using the SessionTicket extension and ECDHE-ECDSA.

  • CVE-2016-8635 | Medium | Aug 1, 2018
    risk 0.35 | cvss 5.3 | epss 0.02

    It was found that Diffie-Hellman client key exchange handling in NSS 3.21.x was vulnerable to a small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to a small subgroup of the desired group.

  • CVE-2017-5462 | Medium | Jun 11, 2018
    risk 0.35 | cvss 5.3 | epss 0.03

    A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue and Firefox ESR 52.1 has been updated with NSS version…

  • CVE-2026-6767 | Medium | Apr 21, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    Other issue in the Libraries component in NSS. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.

  • CVE-2018-12404 | May 2, 2019
    risk 0.01 | cvss - | epss 0.44

    A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.

  • CVE-2015-7183 | Nov 5, 2015
    risk 0.01 | cvss - | epss 0.07

    Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote…

  • CVE-2015-7181 | Nov 5, 2015
    risk 0.01 | cvss - | epss 0.08

    The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows…

  • CVE-2023-4421 | Dec 12, 2023
    risk 0.00 | cvss - | epss 0.01

    The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding and the length of the encrypted message were leaking through a timing side channel. By sending large number of…

  • CVE-2022-3479 | Oct 14, 2022
    risk 0.00 | cvss - | epss 0.01

    A vulnerability was found in NSS. With this vulnerability, NSS client authentication crashes when there is no user certificate in the database, which can lead to a segmentation fault or crash.

  • CVE-2021-43527 | Dec 8, 2021
    risk 0.00 | cvss - | epss 0.18

    NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be…

  • CVE-2019-17007 | Oct 22, 2020
    risk 0.00 | cvss - | epss 0.01

    In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.