mozilla-nss (SUSE:Linux Enterprise Module for Basesystem 15) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Basesystem 15 package mozilla-nss, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (25)
CVE-2018-18505 — CVSS 10.0 (critical): An earlier fix for an Inter-process Communication (IPC) vulnerability, CVE-2011-3079, added authentication to communication between IPC…
CVE-2019-17006 — CVSS 9.8 (critical): In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application…
CVE-2018-12405 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed…
CVE-2019-11713 — CVSS 9.8 (critical): A use-after-free vulnerability can occur in HTTP/2 when a cached HTTP/2 stream is closed while still in use, resulting in a potentially…
CVE-2018-18492 — CVSS 9.8 (critical): A use-after-free vulnerability can occur after deleting a selection element due to a weak reference to the select element in the options…
CVE-2018-18493 — CVSS 9.8 (critical): A buffer overflow can occur in the Skia library during buffer offset calculations with hardware accelerated canvas 2D actions due to the…
CVE-2018-18498 — CVSS 9.8 (critical): A potential vulnerability leading to an integer overflow can occur during buffer size calculations for images when a raw value is used…
CVE-2018-18500 — CVSS 9.8 (critical): A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream…
CVE-2018-18501 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 64 and Firefox ESR 60.4. Some of these bugs showed…
CVE-2019-11709 — CVSS 9.8 (critical): Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed…
CVE-2019-11745 — CVSS 8.8 (high): When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds…
CVE-2018-17466 — CVSS 8.8 (high): Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory…
CVE-2019-11712 — CVSS 8.8 (high): POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can…
CVE-2019-11711 — CVSS 8.8 (high): When an inner window is reused, it does not consider the use of document.domain for cross-origin protections. If pages on different…
CVE-2019-9811 — CVSS 8.3 (high): As part of a winning Pwn2Own entry, a researcher demonstrated a sandbox escape by installing a malicious language pack and then opening a…
CVE-2019-11719 — CVSS 7.5 (high): When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the…
CVE-2019-11729 — CVSS 7.5 (high): Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into…
CVE-2018-18508 — CVSS 6.5 (medium): In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference…
CVE-2018-18494 — CVSS 6.5 (medium): A same-origin policy violation allowing the theft of cross-origin URL entries when using the Javascript location property to cause a…
CVE-2019-11730 — CVSS 6.5 (medium): A vulnerability exists where if a user opens a locally saved HTML file, this file can use file: URIs to access other files in the same…
CVE-2019-11715 — CVSS 6.1 (medium): Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards…
CVE-2018-12384 — CVSS 5.9 (medium): When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead…
CVE-2018-12404 — CVSS 5.9 (medium): A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant…
CVE-2019-11717 — CVSS 5.3 (medium): A vulnerability exists where the caret ("^") character is improperly escaped constructing some URIs due to it being used as a separator…
CVE-2018-0495 — CVSS 4.7 (medium): Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through…