apache2-mod_nss (SUSE:Linux Enterprise Server for SAP Applications 12 SP1) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server for SAP Applications 12 SP1 package apache2-mod_nss, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (14)
CVE-2018-12376 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that…
CVE-2018-12378 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload…
CVE-2015-5244 — CVSS 9.8 (critical): The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions.
CVE-2018-12377 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is…
CVE-2018-12387 — CVSS 9.1 (critical): A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer…
CVE-2018-12386 — CVSS 8.1 (high): A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to…
CVE-2018-12379 — CVSS 7.8 (high): When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading…
CVE-2016-3099 — CVSS 7.5 (high): mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat…
CVE-2018-12385 — CVSS 7.0 (high): A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user…
CVE-2017-16541 — CVSS 6.5 (medium): Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP…
CVE-2018-12383 — CVSS 5.5 (medium): If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still…
CVE-2018-12381 — CVSS 5.3 (medium): Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are…
CVE-2013-4566 — CVSS 4.0 (medium): mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the server/vhost context, does not enforce the NSSVerifyClient setting…
CVE-2014-3566 — CVSS 3.4 (low): The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for…