Search for packages
| purl | pkg:deb/ubuntu/nss@2:3.15.1-1ubuntu1 |
| Next non-vulnerable version | 2:3.49.1-1ubuntu1.5 |
| Latest non-vulnerable version | 2:3.49.1-1ubuntu1.5 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-163k-wrg5-aaaf
Aliases: CVE-2017-11697 |
The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file. |
Affected by 6 other vulnerabilities. |
|
VCID-1p7z-v8n6-aaaa
Aliases: CVE-2016-1938 |
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function. |
Affected by 33 other vulnerabilities. Affected by 34 other vulnerabilities. |
|
VCID-2sza-nrr3-aaam
Aliases: CVE-2020-12400 |
When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack. This vulnerability affects Firefox < 80 and Firefox for Android < 80. |
Affected by 1 other vulnerability. |
|
VCID-2zab-6bzp-aaae
Aliases: CVE-2015-7575 |
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. |
Affected by 35 other vulnerabilities. Affected by 34 other vulnerabilities. |
|
VCID-34n3-7gmm-aaap
Aliases: CVE-2020-12402 |
During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might. This vulnerability affects Firefox < 78. |
Affected by 10 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-3ewf-dckr-aaam
Aliases: CVE-2020-12399 |
NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9. |
Affected by 9 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-4bc8-eeb6-aaar
Aliases: CVE-2019-11729 |
Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. |
Affected by 14 other vulnerabilities. |
|
VCID-4qww-3wn9-aaag
Aliases: CVE-2014-3566 |
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. |
Affected by 42 other vulnerabilities. Affected by 41 other vulnerabilities. |
|
VCID-4wy8-mw8h-aaad
Aliases: CVE-2016-8635 |
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group. |
Affected by 26 other vulnerabilities. Affected by 26 other vulnerabilities. |
|
VCID-4yuf-rn92-aaad
Aliases: CVE-2015-7181 |
The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a "use-after-poison" issue. |
Affected by 36 other vulnerabilities. |
|
VCID-5qwa-3ng8-aaan
Aliases: CVE-2016-1950 |
Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. |
Affected by 35 other vulnerabilities. Affected by 31 other vulnerabilities. |
|
VCID-63gn-a78n-aaar
Aliases: CVE-2016-1978 |
Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption. |
Affected by 33 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-68du-qrk9-aaaq
Aliases: CVE-2019-17007 |
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service. |
Affected by 13 other vulnerabilities. |
|
VCID-83kk-gd67-aaag
Aliases: CVE-2018-12384 |
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact TLS 1.3. |
Affected by 23 other vulnerabilities. Affected by 18 other vulnerabilities. |
|
VCID-97b8-7cm1-aaaj
Aliases: CVE-2017-11698 |
Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. |
Affected by 6 other vulnerabilities. |
|
VCID-985n-34bg-aaaq
Aliases: CVE-2020-12401 |
During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data. This vulnerability affects Firefox < 80 and Firefox for Android < 80. |
Affected by 1 other vulnerability. |
|
VCID-9d9j-feb8-aaad
Aliases: CVE-2017-5461 |
Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations. |
Affected by 23 other vulnerabilities. Affected by 24 other vulnerabilities. |
|
VCID-b8zr-szzz-aaaa
Aliases: CVE-2018-18508 |
In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service. |
Affected by 25 other vulnerabilities. Affected by 17 other vulnerabilities. |
|
VCID-cgja-yam4-aaac
Aliases: CVE-2015-7182 |
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data. |
Affected by 36 other vulnerabilities. |
|
VCID-craa-q6ya-aaag
Aliases: CVE-2016-9074 |
An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. |
Affected by 26 other vulnerabilities. Affected by 26 other vulnerabilities. |
|
VCID-cwzy-r8fp-aaab
Aliases: CVE-2017-5462 |
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28.4. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. |
Affected by 23 other vulnerabilities. Affected by 24 other vulnerabilities. |
|
VCID-d91d-8t7r-aaag
Aliases: CVE-2018-0495 |
Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_ecc_ecdsa_sign function in cipher/ecc-ecdsa.c, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. |
Affected by 23 other vulnerabilities. Affected by 18 other vulnerabilities. |
|
VCID-dxs2-xsdx-aaad
Aliases: CVE-2017-7805 |
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52.4. |
Affected by 25 other vulnerabilities. Affected by 21 other vulnerabilities. |
|
VCID-e56e-1t6d-aaaa
Aliases: CVE-2019-11727 |
A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages. This vulnerability affects Firefox < 68. |
Affected by 14 other vulnerabilities. |
|
VCID-efmq-6t1q-aaak
Aliases: CVE-2016-2834 |
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. |
Affected by 30 other vulnerabilities. Affected by 30 other vulnerabilities. |
|
VCID-eyht-xve2-aaag
Aliases: CVE-2016-5285 |
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. |
Affected by 26 other vulnerabilities. Affected by 26 other vulnerabilities. |
|
VCID-fvpt-7dgk-aaaq
Aliases: CVE-2018-12404 |
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41. |
Affected by 23 other vulnerabilities. Affected by 18 other vulnerabilities. |
|
VCID-fxt6-et8u-aaak
Aliases: CVE-2016-1979 |
Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. |
Affected by 33 other vulnerabilities. Affected by 32 other vulnerabilities. |
|
VCID-gd1d-srzb-aaae
Aliases: CVE-2019-17006 |
In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. |
Affected by 11 other vulnerabilities. |
|
VCID-j94t-bkp4-aaap
Aliases: CVE-2014-1544 |
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain. |
Affected by 44 other vulnerabilities. |
|
VCID-mfgf-bqs7-aaan
Aliases: CVE-2020-6829 |
When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80. |
Affected by 1 other vulnerability. |
|
VCID-nmrv-12mz-aaag
Aliases: CVE-2016-9574 |
nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA. |
Affected by 26 other vulnerabilities. Affected by 26 other vulnerabilities. |
|
VCID-p8d3-gs41-aaan
Aliases: CVE-2020-12403 |
A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability. |
Affected by 0 other vulnerabilities. |
|
VCID-pdjz-q1vh-aaab
Aliases: CVE-2015-2721 |
Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attackers to defeat cryptographic protection mechanisms by blocking messages, as demonstrated by removing a forward-secrecy property by blocking a ServerKeyExchange message, aka a "SMACK SKIP-TLS" issue. |
Affected by 38 other vulnerabilities. |
|
VCID-pmtm-skvc-aaar
Aliases: CVE-2015-4000 |
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. |
Affected by 38 other vulnerabilities. Affected by 38 other vulnerabilities. |
|
VCID-qbz3-r843-aaaf
Aliases: CVE-2016-2183 VC-OPENSSL-20160824-CVE-2016-2183 |
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. |
Affected by 23 other vulnerabilities. Affected by 22 other vulnerabilities. |
|
VCID-quek-p7ev-aaae
Aliases: CVE-2014-1492 |
The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate. |
Affected by 45 other vulnerabilities. |
|
VCID-re8h-cyhw-aaae
Aliases: CVE-2019-11745 |
When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 68.3, Firefox ESR < 68.3, and Firefox < 71. |
Affected by 12 other vulnerabilities. |
|
VCID-rhft-c5mp-aaam
Aliases: CVE-2014-1569 |
The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as demonstrated by the SEC_QuickDERDecodeItem function's improper handling of an arbitrary-length encoding of 0x00. |
Affected by 42 other vulnerabilities. |
|
VCID-s9wu-7hy6-aaaj
Aliases: CVE-2017-11695 |
Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. |
Affected by 6 other vulnerabilities. |
|
VCID-uq2y-9zad-aaan
Aliases: CVE-2015-2730 |
Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Elliptical Curve Cryptography (ECC) multiplications, which makes it easier for remote attackers to spoof ECDSA signatures via unspecified vectors. |
Affected by 38 other vulnerabilities. |
|
VCID-us3r-6g1m-aaag
Aliases: CVE-2019-17023 |
After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored. This vulnerability affects Firefox < 72. |
Affected by 9 other vulnerabilities. Affected by 6 other vulnerabilities. |
|
VCID-uz8y-66qe-aaap
Aliases: CVE-2014-1568 |
Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue. |
Affected by 42 other vulnerabilities. |
|
VCID-vx85-68mr-aaaj
Aliases: CVE-2017-11696 |
Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. |
Affected by 6 other vulnerabilities. |
|
VCID-y1t9-w1k3-aaaj
Aliases: CVE-2019-11719 |
When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8. |
Affected by 14 other vulnerabilities. |
|
VCID-zmuk-dne3-aaaf
Aliases: CVE-2017-7502 |
Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker. |
Affected by 25 other vulnerabilities. Affected by 23 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|