Max CVSS | 10.0 | Min CVSS | 1.2 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2015-7183 | 7.5 |
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and othe
|
22-10-2024 - 13:42 | 05-11-2015 - 05:59 | |
CVE-2015-7575 | 4.3 |
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it e
|
22-10-2024 - 13:42 | 09-01-2016 - 02:59 | |
CVE-2015-4000 | 4.3 |
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a Clie
|
22-10-2024 - 13:42 | 21-05-2015 - 00:59 | |
CVE-2013-5607 | 7.5 |
Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attacker
|
21-10-2024 - 13:55 | 20-11-2013 - 14:12 | |
CVE-2014-1544 | 10.0 |
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to e
|
21-10-2024 - 13:55 | 23-07-2014 - 11:12 | |
CVE-2014-1568 | 7.5 |
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31
|
21-10-2024 - 13:55 | 25-09-2014 - 17:55 | |
CVE-2012-0441 | 5.0 |
The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey b
|
21-10-2024 - 13:55 | 05-06-2012 - 23:55 | |
CVE-2017-7805 | 5.0 |
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocat
|
21-10-2024 - 13:11 | 11-06-2018 - 21:29 | |
CVE-2019-12384 | 4.3 |
FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be
|
13-09-2023 - 14:16 | 24-06-2019 - 16:15 | |
CVE-2020-6829 | 5.0 |
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the p
|
20-02-2023 - 17:15 | 28-10-2020 - 12:15 | |
CVE-2019-10132 | 6.5 |
A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock
|
12-02-2023 - 23:32 | 22-05-2019 - 18:29 | |
CVE-2017-7502 | 5.0 |
Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker.
|
12-02-2023 - 23:30 | 30-05-2017 - 18:29 | |
CVE-2016-8635 | 4.3 |
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired g
|
12-02-2023 - 23:26 | 01-08-2018 - 13:29 | |
CVE-2016-5008 | 4.3 |
libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set to an empty string, which allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.
|
12-02-2023 - 23:22 | 13-07-2016 - 15:59 | |
CVE-2013-1620 | 4.3 |
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct di
|
21-12-2022 - 17:30 | 08-02-2013 - 19:55 | |
CVE-2020-25637 | 7.2 |
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, cl
|
07-11-2022 - 17:35 | 06-10-2020 - 14:15 | |
CVE-2020-12402 | 1.2 |
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to re
|
04-01-2022 - 16:38 | 09-07-2020 - 15:15 | |
CVE-2018-3639 | 2.1 |
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access vi
|
13-08-2021 - 15:26 | 22-05-2018 - 12:29 | |
CVE-2017-5461 | 7.5 |
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other i
|
20-07-2021 - 23:15 | 11-05-2017 - 01:29 | |
CVE-2017-1000061 | 5.8 |
xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion when parsing crafted input documents, resulting in possible information disclosure or denial of service
|
14-06-2021 - 18:15 | 17-07-2017 - 13:18 | |
CVE-2019-11745 | 6.8 |
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerabilit
|
19-02-2021 - 17:22 | 08-01-2020 - 20:15 | |
CVE-2019-17007 | 5.0 |
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.
|
19-02-2021 - 16:58 | 22-10-2020 - 21:15 | |
CVE-2018-5748 | 5.0 |
qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of service (memory consumption) via a large QEMU reply.
|
15-10-2020 - 13:28 | 25-01-2018 - 16:29 | |
CVE-2019-10168 | 4.6 |
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs, 4.x.x before 4.10.1 and 5.x.x before 5.4.1, accept an "emulator" argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will ex
|
15-10-2020 - 13:28 | 02-08-2019 - 13:15 | |
CVE-2020-25637 | None |
A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain. This flaw affects the polkit access control driver. Specifically, cl
|
06-10-2020 - 14:36 | 06-10-2020 - 14:15 | |
CVE-2019-11745 | 6.8 |
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerabilit
|
30-09-2020 - 18:15 | 08-01-2020 - 20:15 | |
CVE-2020-12402 | 1.2 |
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to re
|
30-09-2020 - 18:15 | 09-07-2020 - 15:15 | |
CVE-2018-12384 | 4.3 |
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.3
|
24-08-2020 - 17:37 | 29-04-2019 - 15:29 | |
CVE-2019-11091 | 4.7 |
Microarchitectural Data Sampling Uncacheable Memory (MDSUM): Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access.
|
24-08-2020 - 17:37 | 30-05-2019 - 16:29 | |
CVE-2020-10703 | 4.0 |
A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3.10.0, and fixed in libvirt 6.0.0, for fetching a storage pool based on its target path. In more detail, this flaw affects storage pools created witho
|
16-06-2020 - 03:15 | 02-06-2020 - 13:15 | |
CVE-2018-6764 | 4.6 |
util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.
|
03-10-2019 - 00:03 | 23-02-2018 - 17:29 | |
CVE-2019-3863 | 6.8 |
A flaw was found in libssh2 before 1.8.1. A server could send a multiple keyboard interactive response messages whose total length are greater than unsigned char max characters. This value is used as an index to copy memory causing in an out of bound
|
14-05-2019 - 21:29 | 25-03-2019 - 18:29 | |
CVE-2019-3840 | 3.5 |
A NULL pointer dereference flaw was discovered in libvirt before version 5.0.0 in the way it gets interface information through the QEMU agent. An attacker in a guest VM can use this flaw to crash libvirtd and cause a denial of service.
|
05-05-2019 - 05:29 | 27-03-2019 - 13:29 | |
CVE-2018-8037 | 4.3 |
If an async request was completed by the application at the same time as the container triggered the async timeout, a race condition existed that could result in a user seeing a response intended for a different user. An additional issue was present
|
15-04-2019 - 16:31 | 02-08-2018 - 14:29 | |
CVE-2014-1492 | 4.3 |
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which
|
09-10-2018 - 19:42 | 25-03-2014 - 13:25 | |
CVE-2014-1545 | 10.0 |
Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions. Per: http://cwe.mitre.org/data/defini
|
28-12-2017 - 02:29 | 11-06-2014 - 10:57 | |
CVE-2016-1979 | 6.8 |
Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly h
|
04-11-2017 - 01:29 | 13-03-2016 - 18:59 | |
CVE-2014-1569 | 7.5 |
The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers
|
22-09-2017 - 01:29 | 15-12-2014 - 18:59 | |
CVE-2010-3170 | 4.3 |
Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-th
|
19-09-2017 - 01:31 | 21-10-2010 - 19:00 | |
CVE-2013-0743 | 5.0 |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA at the suggestion of the CVE project team. The candidate had been associated with a correct report of a security problem, but not a p
|
16-12-2016 - 02:59 | 25-01-2013 - 18:55 |