mozilla-nss (SUSE:Linux Enterprise Server 15-LTSS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 15-LTSS package mozilla-nss, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (11)
CVE-2019-17006 — CVSS 9.8 (critical): In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application…
CVE-2021-43527 — CVSS 9.8 (critical): NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or…
CVE-2020-12403 — CVSS 9.1 (critical): A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could…
CVE-2022-31741 — CVSS 8.8 (high): A crafted CMS message could have been processed incorrectly, leading to an invalid memory read, and potentially further memory corruption…
CVE-2020-25648 — CVSS 7.5 (high): A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS…
CVE-2022-1097 — CVSS 6.5 (medium): <code>NSSToken</code> objects were referenced via direct points, and could have been accessed in an unsafe way on different threads…
CVE-2020-6829 — CVSS 5.3 (medium): When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about…
CVE-2020-12401 — CVSS 4.7 (medium): During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed…
CVE-2020-12400 — CVSS 4.7 (medium): When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible…
CVE-2020-12399 — CVSS 4.4 (medium): NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This…
CVE-2020-12402 — CVSS 4.4 (medium): During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly…