Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Micro 5.1 package mozilla-nspr, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2020-12403 — CVSS 9.1 (critical): A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could…
CVE-2022-31741 — CVSS 8.8 (high): A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption…
CVE-2020-25648 — CVSS 7.5 (high): A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS…
CVE-2020-6829 — CVSS 5.3 (medium): When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about…
CVE-2020-12400 — CVSS 4.7 (medium): When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible…
CVE-2020-12401 — CVSS 4.7 (medium): During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed…