Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nss vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-11729
Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used. This vulnerability affects Firefox ESR < 60.8, Firefox < 68, and Thunderbird < 60.8.
Mozilla Firefox
Mozilla Thunderbird
Mozilla Firefox Esr
7.5
CVSSv2
CVE-2019-11709
Mozilla developers and community members reported memory safety bugs present in Firefox 67 and Firefox ESR 60.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulner...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
Opensuse Leap 15.0
Opensuse Leap 15.1
Suse Package Hub -
Debian Debian Linux 8.0
5
CVSSv2
CVE-2019-11719
When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure. This vulnerability affects Firefox ESR < 60.8, Firefox &l...
Mozilla Firefox
Mozilla Firefox Esr
Mozilla Thunderbird
5
CVSSv2
CVE-2019-13509
In Docker CE and EE prior to 18.09.8 (as well as Docker EE prior to 17.06.2-ee-23 and 18.x prior to 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that include...
Docker Docker 17.03.2
Docker Docker 17.06.2
Docker Docker 18.03.1
Docker Docker
5
CVSSv2
CVE-2019-12312
In Libreswan 3.27 an assertion failure can lead to a pluto IKE daemon restart. An attacker can trigger a NULL pointer dereference by initiating an IKEv2 IKE_SA_INIT exchange, followed by a bogus INFORMATIONAL exchange instead of the normallly expected IKE_AUTH exchange. This affe...
Libreswan Libreswan
4.3
CVSSv2
CVE-2018-12404
A cached side channel attack during handshakes using RSA encryption could allow for the decryption of encrypted content. This is a variant of the Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) and affects all NSS versions prior to NSS 3.41.
Mozilla Network Security Services
4.3
CVSSv2
CVE-2018-12384
When handling a SSLv2-compatible ClientHello request, the server doesn't generate a new random value but sends an all-zero value instead. This results in full malleability of the ClientHello for SSLv2 used for TLS 1.2 in all versions prior to NSS 3.39. This does not impact T...
Mozilla Network Security Services
1 Github repository
5
CVSSv2
CVE-2017-7805
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leav...
Mozilla Firefox 56.0
Mozilla Firefox Esr 52.4.0
Mozilla Thunderbird 52.4.0
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
5
CVSSv2
CVE-2017-5462
A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox ESR 52.1 has been updated with NSS version 3.28....
Debian Debian Linux 8.0
Mozilla Firefox Esr
Mozilla Thunderbird
Mozilla Firefox
Mozilla Network Security Services
Mozilla Firefox Esr 52.0
7.8
CVSSv2
CVE-2018-0234
A vulnerability in the implementation of Point-to-Point Tunneling Protocol (PPTP) functionality in Cisco Aironet 1810, 1830, and 1850 Series Access Points could allow an unauthenticated, remote malicious user to cause an affected device to reload, resulting in a denial of service...
Cisco Aironet Access Point Software 8.5\\(103.0\\)
Cisco Aironet Access Point Software 8.4\\(100.0\\)
Cisco Aironet Access Point Software 8.5\\(105.0\\)
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »