cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-4421,https://securityvulnerability.io/vulnerability/CVE-2023-4421,Information Leakage in NSS Affecting RSA Key Exchange and Signature Forgery,"The NSS software contained a vulnerability that allowed attackers to exploit timing side-channels while checking PKCS#1 v1.5 padding. By leveraging this flaw, an attacker could potentially decrypt intercepted RSA-encrypted messages or forge signatures using the victim's key. The vulnerability arises from leaking information through timing differences related to padding validation and encrypted message lengths. The issue has been addressed by the implementation of the implicit rejection algorithm, which ensures NSS responds with a deterministic random message when invalid padding is detected.",Mozilla,NSS,6.5,MEDIUM,0.0006399999838322401,false,,false,false,false,,,false,false,,2023-12-12T17:15:00.000Z,0
CVE-2022-3479,https://securityvulnerability.io/vulnerability/CVE-2022-3479,nss Client Authentication Vulnerability in Mozilla Products,"A vulnerability in the nss client authentication process allows for a segmentation fault or application crash when there is no user certificate in the database. This issue can potentially disrupt operations depending on the nss for secure communications, leading to unexpected application behaviors.",Mozilla,Nss,7.5,HIGH,0.000910000002477318,false,,false,false,false,,,false,false,,2022-10-14T00:00:00.000Z,0
CVE-2021-43527,https://securityvulnerability.io/vulnerability/CVE-2021-43527,Heap Overflow Vulnerability in NSS Affects Multiple Applications,"NSS versions earlier than 3.73 and 3.68.1 ESR are susceptible to a heap overflow vulnerability when processing DER-encoded DSA or RSA-PSS signatures. This could potentially affect applications utilizing NSS for signature verification in formats such as CMS, S/MIME, PKCS #7, or PKCS #12. Notably, email clients like Thunderbird and LibreOffice, along with PDF viewers such as Evince and Evolution, may be impacted. Applications employing NSS for certificate validation or TLS operations can also be vulnerable, contingent upon their specific configurations.",Mozilla,Nss,9.8,CRITICAL,0.009060000069439411,false,,false,false,false,,,false,false,,2021-12-08T00:00:00.000Z,0
CVE-2020-12403,https://securityvulnerability.io/vulnerability/CVE-2020-12403,,"A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability.",Mozilla,Nss,9.1,CRITICAL,0.002739999908953905,false,,false,false,false,,,false,false,,2021-05-27T00:00:00.000Z,0
CVE-2019-17007,https://securityvulnerability.io/vulnerability/CVE-2019-17007,,"In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.",Mozilla,Nss,7.5,HIGH,0.0019399999873712659,false,,false,false,false,,,false,false,,2020-10-22T20:28:17.000Z,0
CVE-2019-17006,https://securityvulnerability.io/vulnerability/CVE-2019-17006,,"In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow.",Mozilla,Nss,9.8,CRITICAL,0.0032099999953061342,false,,false,false,false,,,false,false,,2020-10-22T20:24:25.000Z,0
CVE-2018-18508,https://securityvulnerability.io/vulnerability/CVE-2018-18508,,"In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.",Mozilla,Nss,6.5,MEDIUM,0.002240000059828162,false,,false,false,false,,,false,false,,2020-10-22T20:14:42.000Z,0
CVE-2020-25648,https://securityvulnerability.io/vulnerability/CVE-2020-25648,,"A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58.",Mozilla,Nss,7.5,HIGH,0.014150000177323818,false,,false,false,false,,,false,false,,2020-10-20T00:00:00.000Z,0
CVE-2018-12404,https://securityvulnerability.io/vulnerability/CVE-2018-12404,,A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.,Mozilla,Network Security Services (nss),5.9,MEDIUM,0.02329999953508377,false,,false,false,false,,,false,false,,2019-05-02T16:40:14.000Z,0
CVE-2016-8635,https://securityvulnerability.io/vulnerability/CVE-2016-8635,,It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.,Mozilla,Nss,5.3,MEDIUM,0.0020699999295175076,false,,false,false,false,,,false,false,,2018-08-01T13:00:00.000Z,0
CVE-2009-2409,https://securityvulnerability.io/vulnerability/CVE-2009-2409,,"The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.",Mozilla,"Firefox,Firefox,Nss",,,0.01372000016272068,false,,false,false,false,,,false,false,,2009-07-30T19:00:00.000Z,0
CVE-2009-2408,https://securityvulnerability.io/vulnerability/CVE-2009-2408,,"Mozilla Network Security Services (NSS) before 3.12.3, Firefox before 3.0.13, Thunderbird before 2.0.0.23, and SeaMonkey before 1.1.18 do not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority. NOTE: this was originally reported for Firefox before 3.5.",Mozilla,"Firefox,Nss",5.9,MEDIUM,0.0021899999119341373,false,,false,false,false,,,false,false,,2009-07-30T19:00:00.000Z,0