Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:rpm/redhat/nss-softokn@3.53.1-6?arch=el7_9
purl pkg:rpm/redhat/nss-softokn@3.53.1-6?arch=el7_9
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (10)
Vulnerability Summary Fixed by
VCID-6fvj-phnx-kfgs
Aliases:
CVE-2019-17023
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. There are no reported fixed by versions.
VCID-7msj-wyd6-zkbe
Aliases:
CVE-2019-17006
nss: Check length of inputs for cryptographic primitives There are no reported fixed by versions.
VCID-8qtg-h4km-bfg2
Aliases:
CVE-2019-11719
Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code. There are no reported fixed by versions.
VCID-k4a4-f1as-x3bj
Aliases:
CVE-2020-12400
NSS has multiple information disclosure vulnerabilities when handling secret key material. There are no reported fixed by versions.
VCID-mx8t-s47w-wud5
Aliases:
CVE-2020-6829
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. There are no reported fixed by versions.
VCID-n6s1-tsx2-7fee
Aliases:
CVE-2019-11756
Improper refcounting of soft token session objects could cause a use-after-free and crash (likely limited to a denial of service). There are no reported fixed by versions.
VCID-rk7t-zjzg-eqar
Aliases:
CVE-2020-12401
NSS has multiple information disclosure vulnerabilities when handling secret key material. There are no reported fixed by versions.
VCID-szzk-wxm2-cfgj
Aliases:
CVE-2020-12403
NSS has multiple information disclosure vulnerabilities when handling secret key material. There are no reported fixed by versions.
VCID-vjas-pry4-93cz
Aliases:
CVE-2020-12402
Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. There are no reported fixed by versions.
VCID-wavp-f4kn-j3cm
Aliases:
CVE-2019-11727
Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T14:18:25.424915+00:00 RedHat Importer Affected by VCID-wavp-f4kn-j3cm https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11727.json 38.0.0
2026-04-01T14:18:24.637060+00:00 RedHat Importer Affected by VCID-8qtg-h4km-bfg2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11719.json 38.0.0
2026-04-01T14:14:53.375342+00:00 RedHat Importer Affected by VCID-n6s1-tsx2-7fee https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11756.json 38.0.0
2026-04-01T14:14:32.862002+00:00 RedHat Importer Affected by VCID-7msj-wyd6-zkbe https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17006.json 38.0.0
2026-04-01T14:14:29.697580+00:00 RedHat Importer Affected by VCID-6fvj-phnx-kfgs https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17023.json 38.0.0
2026-04-01T14:06:28.088644+00:00 RedHat Importer Affected by VCID-vjas-pry4-93cz https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12402.json 38.0.0
2026-04-01T14:06:27.968383+00:00 RedHat Importer Affected by VCID-mx8t-s47w-wud5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6829.json 38.0.0
2026-04-01T14:05:57.179774+00:00 RedHat Importer Affected by VCID-rk7t-zjzg-eqar https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12401.json 38.0.0
2026-04-01T14:05:32.060564+00:00 RedHat Importer Affected by VCID-szzk-wxm2-cfgj https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12403.json 38.0.0
2026-04-01T14:05:30.462952+00:00 RedHat Importer Affected by VCID-k4a4-f1as-x3bj https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12400.json 38.0.0