cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2016-5285,https://securityvulnerability.io/vulnerability/CVE-2016-5285,,"A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.",Mozilla,Network Security Services,7.5,HIGH,0.02054000087082386,false,,false,false,false,,,false,false,,2019-11-15T15:44:05.000Z,0
CVE-2018-12404,https://securityvulnerability.io/vulnerability/CVE-2018-12404,,A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.,Mozilla,Network Security Services (nss),5.9,MEDIUM,0.02329999953508377,false,,false,false,false,,,false,false,,2019-05-02T16:40:14.000Z,0
CVE-2017-11696,https://securityvulnerability.io/vulnerability/CVE-2017-11696,,Heap-based buffer overflow in the __hash_open function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.,Mozilla,Network Security Services,7.8,HIGH,0.0013000000035390258,false,,false,false,false,,,false,false,,2017-12-27T19:00:00.000Z,0
CVE-2017-11698,https://securityvulnerability.io/vulnerability/CVE-2017-11698,,Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.,Mozilla,Network Security Services,7.8,HIGH,0.0013000000035390258,false,,false,false,false,,,false,false,,2017-12-27T19:00:00.000Z,0
CVE-2017-11697,https://securityvulnerability.io/vulnerability/CVE-2017-11697,,The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file.,Mozilla,Network Security Services,7.8,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2017-12-27T19:00:00.000Z,0
CVE-2017-11695,https://securityvulnerability.io/vulnerability/CVE-2017-11695,,Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.,Mozilla,Network Security Services,7.8,HIGH,0.0013000000035390258,false,,false,false,false,,,false,false,,2017-12-27T19:00:00.000Z,0
CVE-2016-1979,https://securityvulnerability.io/vulnerability/CVE-2016-1979,,"Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding.",Mozilla,"Firefox,Network Security Services",8.8,HIGH,0.04287999868392944,false,,false,false,false,,,false,false,,2016-03-13T18:00:00.000Z,0
CVE-2016-1978,https://securityvulnerability.io/vulnerability/CVE-2016-1978,,"Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange function in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL (1) DHE or (2) ECDHE handshake at a time of high memory consumption.",Mozilla,"Firefox,Network Security Services",7.3,HIGH,0.05697999894618988,false,,false,false,false,,,false,false,,2016-03-13T18:00:00.000Z,0
CVE-2016-1950,https://securityvulnerability.io/vulnerability/CVE-2016-1950,,"Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate.",Mozilla,"Network Security Services,Firefox,Firefox Esr",8.8,HIGH,0.008990000002086163,false,,false,false,false,,,false,false,,2016-03-13T18:00:00.000Z,0
CVE-2015-7575,https://securityvulnerability.io/vulnerability/CVE-2015-7575,,"Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.",Mozilla,Network Security Services,5.9,MEDIUM,0.0026000000070780516,false,,false,false,false,,,false,false,,2016-01-09T02:00:00.000Z,0
CVE-2015-7181,https://securityvulnerability.io/vulnerability/CVE-2015-7181,,"The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, improperly restricts access to an unspecified data structure, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data, related to a ""use-after-poison"" issue.",Mozilla,Network Security Services,,,0.06683000177145004,false,,false,false,false,,,false,false,,2015-11-05T02:00:00.000Z,0
CVE-2014-1569,https://securityvulnerability.io/vulnerability/CVE-2014-1569,,"The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as demonstrated by the SEC_QuickDERDecodeItem function's improper handling of an arbitrary-length encoding of 0x00.",Mozilla,Network Security Services,,,0.01868000067770481,false,,false,false,false,,,false,false,,2014-12-15T17:27:00.000Z,0
CVE-2014-1544,https://securityvulnerability.io/vulnerability/CVE-2014-1544,,"Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger certain improper removal of an NSSCertificate structure from a trust domain.",Mozilla,"Network Security Services,Firefox Esr,Thunderbird,Firefox",,,0.11392000317573547,false,,false,false,false,,,false,false,,2014-07-23T10:00:00.000Z,0
CVE-2014-1492,https://securityvulnerability.io/vulnerability/CVE-2014-1492,,"The cert_TestHostName function in lib/certdb/certdb.c in the certificate-checking implementation in Mozilla Network Security Services (NSS) before 3.16 accepts a wildcard character that is embedded in an internationalized domain name's U-label, which might allow man-in-the-middle attackers to spoof SSL servers via a crafted certificate.",Mozilla,Network Security Services,,,0.0024999999441206455,false,,false,false,false,,,false,false,,2014-03-25T01:00:00.000Z,0
CVE-2014-1490,https://securityvulnerability.io/vulnerability/CVE-2014-1490,,"Race condition in libssl in Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors involving a resumption handshake that triggers incorrect replacement of a session ticket.",Mozilla,"Network Security Services,Seamonkey,Firefox,Firefox Esr,Thunderbird",,,0.023639999330043793,false,,false,false,false,,,false,false,,2014-02-06T02:00:00.000Z,0
CVE-2014-1491,https://securityvulnerability.io/vulnerability/CVE-2014-1491,,"Mozilla Network Security Services (NSS) before 3.15.4, as used in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, SeaMonkey before 2.24, and other products, does not properly restrict public values in Diffie-Hellman key exchanges, which makes it easier for remote attackers to bypass cryptographic protection mechanisms in ticket handling by leveraging use of a certain value.",Mozilla,"Network Security Services,Seamonkey,Firefox,Firefox Esr,Thunderbird",,,0.012799999676644802,false,,false,false,false,,,false,false,,2014-02-06T02:00:00.000Z,0
CVE-2013-1740,https://securityvulnerability.io/vulnerability/CVE-2013-1740,,"The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla Network Security Services (NSS) before 3.15.4, when the TLS False Start feature is enabled, allows man-in-the-middle attackers to spoof SSL servers by using an arbitrary X.509 certificate during certain handshake traffic.",Mozilla,Network Security Services,,,0.0012799999676644802,false,,false,false,false,,,false,false,,2014-01-18T22:00:00.000Z,0
CVE-2013-1741,https://securityvulnerability.io/vulnerability/CVE-2013-1741,,Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value.,Mozilla,Network Security Services,,,0.10098999738693237,false,,false,false,false,,,false,false,,2013-11-18T05:23:00.000Z,0
CVE-2013-5605,https://securityvulnerability.io/vulnerability/CVE-2013-5605,,Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid handshake packets.,Mozilla,Network Security Services,,,0.07249999791383743,false,,false,false,false,,,false,false,,2013-11-18T05:23:00.000Z,0
CVE-2013-5606,https://securityvulnerability.io/vulnerability/CVE-2013-5606,,"The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 provides an unexpected return value for an incompatible key-usage certificate when the CERTVerifyLog argument is valid, which might allow remote attackers to bypass intended access restrictions via a crafted certificate.",Mozilla,Network Security Services,,,0.005609999876469374,false,,false,false,false,,,false,false,,2013-11-18T05:23:00.000Z,0
CVE-2013-1739,https://securityvulnerability.io/vulnerability/CVE-2013-1739,,"Mozilla Network Security Services (NSS) before 3.15.2 does not ensure that data structures are initialized before read operations, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a decryption failure.",Mozilla,Network Security Services,,,0.1128700003027916,false,,false,false,false,,,false,false,,2013-10-22T22:00:00.000Z,0
CVE-2013-0791,https://securityvulnerability.io/vulnerability/CVE-2013-0791,,"The CERT_DecodeCertPackage function in Mozilla Network Security Services (NSS), as used in Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird before 17.0.5, Thunderbird ESR 17.x before 17.0.5, SeaMonkey before 2.17, and other products, allows remote attackers to cause a denial of service (out-of-bounds read and memory corruption) via a crafted certificate.",Mozilla,"Thunderbird,Seamonkey,Thunderbird Esr,Firefox Esr,Firefox,Network Security Services",,,0.05451999977231026,false,,false,false,false,,,false,false,,2013-04-03T10:00:00.000Z,0
CVE-2013-1620,https://securityvulnerability.io/vulnerability/CVE-2013-1620,,"The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.",Mozilla,Network Security Services,,,0.005890000145882368,false,,false,false,false,,,false,false,,2013-02-08T19:00:00.000Z,0
CVE-2011-5094,https://securityvulnerability.io/vulnerability/CVE-2011-5094,,"Mozilla Network Security Services (NSS) 3.x, with certain settings of the SSL_ENABLE_RENEGOTIATION option, does not properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection, a different vulnerability than CVE-2011-1473. NOTE: it can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment",Mozilla,Network Security Services,,,0.03593999892473221,false,,false,false,false,,,false,false,,2012-06-16T21:55:00.000Z,0
CVE-2012-0441,https://securityvulnerability.io/vulnerability/CVE-2012-0441,,"The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security Services (NSS) before 3.13.4, as used in Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10, allows remote attackers to cause a denial of service (application crash) via a zero-length item, as demonstrated by (1) a zero-length basic constraint or (2) a zero-length field in an OCSP response.",Mozilla,"Network Security Services,Seamonkey,Firefox,Thunderbird,Firefox Esr,Thunderbird Esr",,,0.10620000213384628,false,,false,false,false,,,false,false,,2012-06-05T23:55:00.000Z,0