mozilla-nspr (SUSE:Linux Enterprise Module for Basesystem 15) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Basesystem 15 package mozilla-nspr, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (12)
CVE-2019-17006 — CVSS 9.8 (critical): In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application…
CVE-2018-12405 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed…
CVE-2018-18492 — CVSS 9.8 (critical): A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options…
CVE-2018-18493 — CVSS 9.8 (critical): A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the…
CVE-2018-18498 — CVSS 9.8 (critical): A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used…
CVE-2019-11745 — CVSS 8.8 (high): When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds…
CVE-2018-17466 — CVSS 8.8 (high): Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory…
CVE-2018-18494 — CVSS 6.5 (medium): A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a…
CVE-2018-18508 — CVSS 6.5 (medium): In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference…
CVE-2018-12384 — CVSS 5.9 (medium): When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead…
CVE-2018-12404 — CVSS 5.9 (medium): A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant…
CVE-2018-0495 — CVSS 4.7 (medium): Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through…