Search for packages
| purl | pkg:deb/debian/nss@2:3.121-1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1ert-2qyc-cfc1 | security update |
CVE-2014-1492
|
| VCID-2tts-gwgd-zqcz | A vulnerability has been discovered in NSS, which can lead to the recovery of private data. |
CVE-2023-5388
|
| VCID-2w58-mdmk-guh8 | Mozilla has updated the version of Network Security Services (NSS) library used in Firefox to NSS 3.23. This addresses four moderate rated networking security issues reported by Mozilla engineers Tyson Smith and Jed Davis. |
CVE-2016-2834
|
| VCID-2w9f-avet-g7c5 | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which may allow user-assisted execution of arbitrary code. |
CVE-2015-7181
|
| VCID-2zrv-q4tb-wqeg | The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Both the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel. By sending large number of attacker-selected ciphertexts, the attacker would be able to decrypt a previously intercepted PKCS#1 v1.5 ciphertext (for example, to decrypt a TLS session that used RSA key exchange), or forge a signature using the victim's key. The issue was fixed by implementing the implicit rejection algorithm, in which the NSS returns a deterministic random message in case invalid padding is detected, as proposed in the Marvin Attack paper. |
CVE-2023-4421
|
| VCID-3nrj-5r53-37ab | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could lead to remote code execution. |
CVE-2023-6135
|
| VCID-46cy-x3cp-tke5 | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. |
CVE-2024-0743
|
| VCID-5wqt-2dtu-8qa4 | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1950
|
| VCID-6fvj-phnx-kfgs | After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. |
CVE-2019-17023
|
| VCID-7msj-wyd6-zkbe | nss: Check length of inputs for cryptographic primitives |
CVE-2019-17006
|
| VCID-8j3v-g9xv-gud5 | Multiple vulnerabilities have been discovered in Mozilla Network Security Service, the worst of which could lead to Denial of Service. |
CVE-2013-1741
|
| VCID-8qtg-h4km-bfg2 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11719
|
| VCID-8z26-rmnt-m7bw | Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation. |
CVE-2011-3640
|
| VCID-9e9c-9p3v-87e9 | Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation. |
CVE-2010-3173
|
| VCID-9mux-fuyc-a7dx | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1938
|
| VCID-aaas-s64r-gfhg | Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation. |
CVE-2010-3170
|
| VCID-b1m6-r1bv-d7gr | Multiple vulnerabilities have been found in PolarSSL, the worst of which might allow a remote attacker to cause a Denial of Service condition. |
CVE-2013-0169
|
| VCID-b3mt-3nfn-suc1 | several |
CVE-2014-1490
|
| VCID-bfd8-7p4k-abae | Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation. |
CVE-2012-0441
|
| VCID-bhzh-jj66-uudh | Multiple vulnerabilities have been discovered in NSS, the worst of which could result in arbitrary code execution. |
CVE-2022-3479
|
| VCID-cgvg-aj53-kkbp | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution. |
CVE-2023-0767
|
| VCID-dh3c-g3k3-zkb7 | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could lead to the execution of arbitrary code. |
CVE-2017-7805
|
| VCID-dk4z-1j37-aucx | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1979
|
| VCID-dtrc-mwu9-2bdf | Multiple vulnerabilities have been discovered in Mozilla Network Security Service, the worst of which could lead to Denial of Service. |
CVE-2013-5605
|
| VCID-e1yx-dxa6-1bba | Multiple vulnerabilities have been found in the Oracle JRE/JDK, allowing attackers to cause unspecified impact. |
CVE-2011-3389
|
| VCID-ekxy-vaed-u7cg | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird the worst of which could lead to the execution of arbitrary code. |
CVE-2016-9074
|
| VCID-ewe9-39b1-kba2 | A vulnerability in NSS might allow remote attackers to cause a Denial of Service condition. |
CVE-2020-25648
|
| VCID-fgv4-bz59-h7g7 | Multiple vulnerabilities have been found in Mozilla Network Security Service (NSS), the worst of which may lead to arbitrary code execution. |
CVE-2018-18508
|
| VCID-frwk-mbxe-jbhp | Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation. |
CVE-2009-2404
|
| VCID-fz23-zbk9-gugq | Multiple vulnerabilities in the Sun JDK and JRE allow for several attacks, including the remote execution of arbitrary code. |
CVE-2009-2409
|
| VCID-gfj6-dsud-g3fh | Multiple vulnerabilities have been found in NSS, the worst of which may allow execution of arbitrary code. |
CVE-2017-5462
|
| VCID-gret-hn3p-5kbk | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-7531
|
| VCID-hs5f-21nx-gfeb | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11729
|
| VCID-hs79-pemh-vfd6 | nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA |
CVE-2016-9574
|
| VCID-jau7-gfz8-dkfa | The renegotiation vulnerability in SSL protocol |
CVE-2009-3555
GHSA-f7w7-6pjc-wwm6 VU#120541 |
| VCID-jm5w-6pdb-bbes | Multiple vulnerabilities have been discovered in Mozilla Network Security Service, the worst of which could lead to Denial of Service. |
CVE-2013-5606
|
| VCID-jmhk-12t1-kugh | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which may allow user-assisted execution of arbitrary code. |
CVE-2015-2730
|
| VCID-jrsz-ynp7-wbb2 | Multiple vulnerabilities have been discovered in NSS, the worst of which could result in arbitrary code execution. |
CVE-2021-43527
|
| VCID-jvrr-2gej-bfby | nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello |
CVE-2018-12384
|
| VCID-k2s2-zkua-8ydy | NSS has an information disclosure vulnerability when handling DSA keys. |
CVE-2020-12399
|
| VCID-k4a4-f1as-x3bj | NSS has multiple information disclosure vulnerabilities when handling secret key material. |
CVE-2020-12400
|
| VCID-k8ap-r7e3-cuem | Multiple vulnerabilities have been found in OpenSSL, the worst allowing remote attackers to decrypt TLS sessions. |
CVE-2016-0800
|
| VCID-kxvg-qw8v-vydv | Multiple vulnerabilities have been found in NSS, the worst of which may allow execution of arbitrary code. |
CVE-2017-5461
|
| VCID-mwjm-p7pr-kfhj | nss: false start PR_Recv information disclosure security issue |
CVE-2013-1740
|
| VCID-mwyu-5rk2-xbbz | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which may allow user-assisted execution of arbitrary code. |
CVE-2015-2721
|
| VCID-mx8t-s47w-wud5 | When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. |
CVE-2020-6829
|
| VCID-paez-g9wh-mfeq | Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which arbitrary code execution. |
CVE-2024-6609
|
| VCID-pc13-zwmr-p7hz | Multiple vulnerabilities have been found in NSS, the worst of which could allow remote attackers to obtain access to private key information. |
CVE-2016-8635
|
| VCID-qdev-8m9n-8bbr | security update |
CVE-2014-1568
|
| VCID-qdqz-admy-e7cg | security update |
CVE-2014-1491
|
| VCID-qup9-qy11-fqhe | Multiple vulnerabilities have been found in mbed TLS, the worst of which could lead to the remote execution of arbitrary code. |
CVE-2015-7575
|
| VCID-rk7t-zjzg-eqar | NSS has multiple information disclosure vulnerabilities when handling secret key material. |
CVE-2020-12401
|
| VCID-rzqy-gheq-cqgg | Multiple vulnerabilities have been found in Oracle's JRE and JDK software suites allowing remote attackers to remotely execute arbitrary code, obtain information, and cause Denial of Service. |
CVE-2015-4000
|
| VCID-sucm-cq7u-r3en | nss: Information exposure when DH secret are reused across multiple TLS connections |
CVE-2020-12413
|
| VCID-szzk-wxm2-cfgj | NSS has multiple information disclosure vulnerabilities when handling secret key material. |
CVE-2020-12403
|
| VCID-t89f-eksr-juen | nss: Null pointer dereference when handling empty SSLv2 messages |
CVE-2017-7502
|
| VCID-tqc3-eb8c-q3f9 | Multiple vulnerabilities have been discovered in Mozilla Network Security Service, the worst of which could lead to Denial of Service. |
CVE-2013-1620
|
| VCID-ukuz-m6d3-5kab | Multiple vulnerabilities have been found in NSS, the worst of which could allow remote attackers to obtain access to private key information. |
CVE-2016-5285
|
| VCID-uqv9-vr1q-6ya1 | Multiple vulnerabilities have been discovered in Mozilla Network Security Service, the worst of which could lead to Denial of Service. |
CVE-2013-1739
|
| VCID-uytp-sf6j-xyf6 | Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may allow execution of arbitrary code or local privilege escalation. |
CVE-2009-2408
|
| VCID-uzt2-tufb-rua5 | security update |
CVE-2014-1569
|
| VCID-vjas-pry4-93cz | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2020-12402
|
| VCID-vszp-vyxy-f7g7 | Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. |
CVE-2026-2781
|
| VCID-vzb9-aeqz-hybr | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11745
|
| VCID-w5wp-ujx1-vkhp | security update |
CVE-2014-1544
|
| VCID-w794-gqex-83du | Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. |
CVE-2024-6602
|
| VCID-wavp-f4kn-j3cm | Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. |
CVE-2019-11727
|
| VCID-wut5-sqr6-mubd | Multiple vulnerabilities have been found in Firefox, Thunderbird, Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with the worst of which may allow remote execution of arbitrary code. |
CVE-2016-1978
|
| VCID-x1ty-wqph-gkak | nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS |
CVE-2019-17007
|
| VCID-xap5-djda-2uem | Multiple vulnerabilities have been found in Oracle JRE/JDK, allowing both local and remote attackers to compromise various Java components. |
CVE-2014-3566
|
| VCID-y43f-tmvr-hqas | Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. |
CVE-2022-22747
|
| VCID-yazh-n5vb-pkf1 | Multiple vulnerabilities have been found in Mozilla Firefox, Thunderbird, and SeaMonkey, some of which may allow a remote user to execute arbitrary code. |
CVE-2013-0791
|
| VCID-ykkw-a6a1-43fe | nss: Cache side-channel variant of the Bleichenbacher attack |
CVE-2018-12404
|
| VCID-z26z-btvf-x7eq | Multiple vulnerabilities have been found in Mozilla Firefox and Thunderbird, the worst of which may allow user-assisted execution of arbitrary code. |
CVE-2015-7182
|