Max CVSS 10.0 Min CVSS 1.2 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2020-12402 1.2
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to re
04-01-2022 - 16:38 09-07-2020 - 15:15
CVE-2019-11745 6.8
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerabilit
19-02-2021 - 17:22 08-01-2020 - 20:15
CVE-2019-17007 5.0
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.
19-02-2021 - 16:58 22-10-2020 - 21:15
CVE-2020-6829 5.0
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the p
03-11-2020 - 13:39 28-10-2020 - 12:15
CVE-2019-11745 6.8
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerabilit
30-09-2020 - 18:15 08-01-2020 - 20:15
CVE-2020-12402 1.2
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to re
30-09-2020 - 18:15 09-07-2020 - 15:15
CVE-2014-1492 4.3
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which
09-10-2018 - 19:42 25-03-2014 - 13:25
CVE-2013-1620 4.3
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct di
09-10-2018 - 19:33 08-02-2013 - 19:55
CVE-2014-1545 10.0
Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions. Per: http://cwe.mitre.org/data/defini
28-12-2017 - 02:29 11-06-2014 - 10:57
CVE-2016-1979 6.8
Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly h
04-11-2017 - 01:29 13-03-2016 - 18:59
CVE-2014-1568 7.5
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31
29-08-2017 - 01:34 25-09-2014 - 17:55
CVE-2015-2730 4.3
Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which
28-12-2016 - 02:59 06-07-2015 - 02:01
Back to Top Mark selected
Back to Top