Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:HPE Helion OpenStack 8 package mozilla-nss, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (22)
CVE-2021-43527 — CVSS 9.8 (critical): NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or…
CVE-2019-17006 — CVSS 9.8 (critical): In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application…
CVE-2019-11713 — CVSS 9.8 (critical): A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially…
CVE-2019-11709 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed…
CVE-2020-12403 — CVSS 9.1 (critical): A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could…
CVE-2022-31741 — CVSS 8.8 (high): A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption…
CVE-2019-11711 — CVSS 8.8 (high): When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different…
CVE-2019-11712 — CVSS 8.8 (high): POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can…
CVE-2019-11745 — CVSS 8.8 (high): When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds…
CVE-2019-9811 — CVSS 8.3 (high): As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a…
CVE-2019-11719 — CVSS 7.5 (high): When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the…
CVE-2019-11729 — CVSS 7.5 (high): Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into…
CVE-2020-25648 — CVSS 7.5 (high): A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS…
CVE-2019-11730 — CVSS 6.5 (medium): A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same…
CVE-2022-1097 — CVSS 6.5 (medium): <code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads…
CVE-2019-11715 — CVSS 6.1 (medium): Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards…
CVE-2020-6829 — CVSS 5.3 (medium): When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about…
CVE-2019-11717 — CVSS 5.3 (medium): A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator…
CVE-2020-12401 — CVSS 4.7 (medium): During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed…
CVE-2020-12400 — CVSS 4.7 (medium): When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible…
CVE-2020-12402 — CVSS 4.4 (medium): During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly…
CVE-2020-12399 — CVSS 4.4 (medium): NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This…