apache2-mod_nss (SUSE:OpenStack Cloud 7) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:OpenStack Cloud 7 package apache2-mod_nss, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (10)
CVE-2018-12378 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload…
CVE-2018-12376 — CVSS 9.8 (critical): Memory safety bugs present in Firefox 61 and Firefox ESR 60.1. Some of these bugs showed evidence of memory corruption and we presume that…
CVE-2018-12377 — CVSS 9.8 (critical): A use-after-free vulnerability can occur when refresh driver timers are refreshed in some circumstances during shutdown when the timer is…
CVE-2018-12387 — CVSS 9.1 (critical): A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer…
CVE-2018-12386 — CVSS 8.1 (high): A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to…
CVE-2018-12379 — CVSS 7.8 (high): When the Mozilla Updater opens a MAR format file which contains a very long item filename, an out-of-bounds write can be triggered, leading…
CVE-2018-12385 — CVSS 7.0 (high): A potentially exploitable crash in TransportSecurityInfo used for SSL can be triggered by data stored in the local cache in the user…
CVE-2017-16541 — CVSS 6.5 (medium): Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to bypass the intended anonymity feature and discover a client IP…
CVE-2018-12383 — CVSS 5.5 (medium): If a user saved passwords before Firefox 58 and then later set a master password, an unencrypted copy of these passwords is still…
CVE-2018-12381 — CVSS 5.3 (medium): Manually dragging and dropping an Outlook email message into the browser will trigger a page navigation when the message's mail columns are…