[SECURITY] Fedora 44 Update: nss-3.121.0-1.fc44

Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

CVE-2025-57292

Todoist v8484 contains a stored cross-site scripting XSS vulnerability in the avatar upload functionality. The application fails to properly validate the MIME type and sanitize image metadata...

UBUNTU-CVE-2024-28054

Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict relative to some mail user agents when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware...

Mozilla Thunderbird Security Vulnerability

Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP and POP mail protocols as well as the HTML mail format. A security vulnerability exists in Mozilla Thunderbird version 115.6, which...

USN-6262-1 wireshark vulnerabilities

It was discovered that Wireshark did not properly handle certain NFS packages when certain configuration options were enabled. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. CVE-2020-13164 It was discovered that Wireshark did not properly...

golang: net/http, net/textproto: denial of service from excessive memory allocation

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...

Over Dozen Popular Email Clients Found Vulnerable to Signature Spoofing Attacks

A team of security researchers has discovered several vulnerabilities in various implementations of OpenPGP and S/MIME email signature verification that could allow attackers to spoof signatures on over a dozen of popular email clients. The affected email clients include Thunderbird, Microsoft...

CVE-2017-12353

A vulnerability in the Multipurpose Internet Mail Extensions MIME scanner of Cisco AsyncOS Software for Cisco Email Security Appliances ESA could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a...

Input validation

A vulnerability in the Multipurpose Internet Mail Extensions MIME scanner of Cisco AsyncOS Software for Cisco Email Security Appliances ESA could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a...

CVE-2017-3827

A vulnerability in the Multipurpose Internet Mail Extensions MIME scanner of Cisco AsyncOS Software for Cisco Email Security Appliances ESA and Web Security Appliances WSA could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: This...

Cisco Email Security Appliance Malformed MIME Header Filtering Bypass Vulnerability

A vulnerability in the Multipurpose Internet Mail Extensions MIME scanner of Cisco AsyncOS Software for Cisco Email Security Appliances ESA could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a...

Secure Mail strips attachments from digitally signed emails

Attachments are not being shown on digitally signed emails in Secure Mail. Information Secure Mail supports Secure/Multipurpose Internet Mail Extensions S/MIME, enabling users to sign and encrypt messages for greater security. Signing assures the recipient that the message was sent by the...

Mozilla Patches 29 Vulnerabilities, Prevents MIME Confusion Attacks, in Firefox 50

Mozilla addressed 29 vulnerabilities, three rated critical, when it released the latest iteration of its flagship browser, Firefox 50 and Firefox ESR 45.5, on Tuesday. Firefox developers said this week that it might take some effort, but at least two of the critical bugs could be exploited to run...

Cisco Email Security Appliance MIME Header Processing Filter Bypass Vulnerability

A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection AMP filters that are configured for an affected device. The vulnerability is due to improper err...

Cisco Email Security Appliance MIME Header Processing Filter Bypass Vulnerability

A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection AMP filters that are configured for an affected device. The vulnerability is due to improper err...

Authentication flaw

A vulnerability in the Multipurpose Internet Mail Extensions MIME scanner of Cisco AsyncOS Software for Cisco Email Security Appliances ESA and Web Security Appliances WSA could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: all...

Cisco Web Security Appliance MIME Header Bypass Vulnerability

A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions MIME headers of Cisco AsyncOS Software for Cisco Email Security Appliances ESA and Web Security Appliances WSA could allow an unauthenticated, remote attacker to bypass the filtering...