[SECURITY] Fedora 42 Update: nss-3.123.1-1.fc42

Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

[SECURITY] Fedora 42 Update: nss-3.121.0-1.fc42

Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

[SECURITY] Fedora 44 Update: nss-3.121.0-1.fc44

Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

CVE-2025-57292

Todoist v8484 contains a stored cross-site scripting XSS vulnerability in the avatar upload functionality. The application fails to properly validate the MIME type and sanitize image metadata...

UBUNTU-CVE-2024-28054

Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict relative to some mail user agents when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware...

Mozilla Thunderbird Security Vulnerability

Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP and POP mail protocols as well as the HTML mail format. A security vulnerability exists in Mozilla Thunderbird version 115.6, which...

CVE-2023-40440

This issue was addressed with improved state management of S/MIME encrypted emails. This issue is fixed in macOS Monterey 12.6.8. A S/MIME encrypted email may be inadvertently sent unencrypted...

USN-6262-1 wireshark vulnerabilities

It was discovered that Wireshark did not properly handle certain NFS packages when certain configuration options were enabled. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. CVE-2020-13164 It was discovered that Wireshark did not properly...

golang: net/http, net/textproto: denial of service from excessive memory allocation

A flaw was found in Golang Go, where it is vulnerable to a denial of service caused by memory exhaustion in the common function in HTTP and MIME header parsing. By sending a specially crafted request, a remote attacker can cause a denial of service...

SUSE CVE-2003-0564

Multiple vulnerabilities in multiple vendor implementations of the Secure/Multipurpose Internet Mail Extensions S/MIME protocol allow remote attackers to cause a denial of service and possibly execute arbitrary code via an S/MIME email message containing certain unexpected ASN.1 constructs, as...

ALPINE-CVE-2022-3515

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment...

UBUNTU-CVE-2021-43527

NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \7, or PKCS \12 are likely to be impacted. Applications using N...

The vulnerability of the Secure/Multipurpose Internet Mail Extentions (S/MIME) encryption function in the Thunderbird email client allows a hacker to gain unauthorized access to protected information.

The vulnerability of the Secure/Multipurpose Internet Mail Extensions S/MIME function in the Thunderbird email client is related to the lack of protection for service data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected...

Over Dozen Popular Email Clients Found Vulnerable to Signature Spoofing Attacks

A team of security researchers has discovered several vulnerabilities in various implementations of OpenPGP and S/MIME email signature verification that could allow attackers to spoof signatures on over a dozen of popular email clients. The affected email clients include Thunderbird, Microsoft...

CVE-2017-12353

A vulnerability in the Multipurpose Internet Mail Extensions MIME scanner of Cisco AsyncOS Software for Cisco Email Security Appliances ESA could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a...

Input validation

A vulnerability in the Multipurpose Internet Mail Extensions MIME scanner of Cisco AsyncOS Software for Cisco Email Security Appliances ESA could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a...

CVE-2017-3827

A vulnerability in the Multipurpose Internet Mail Extensions MIME scanner of Cisco AsyncOS Software for Cisco Email Security Appliances ESA and Web Security Appliances WSA could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: This...

Cisco Email Security Appliance Malformed MIME Header Filtering Bypass Vulnerability

A vulnerability in the Multipurpose Internet Mail Extensions MIME scanner of Cisco AsyncOS Software for Cisco Email Security Appliances ESA could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a...

Secure Mail strips attachments from digitally signed emails

Attachments are not being shown on digitally signed emails in Secure Mail. Information Secure Mail supports Secure/Multipurpose Internet Mail Extensions S/MIME, enabling users to sign and encrypt messages for greater security. Signing assures the recipient that the message was sent by the...

Mozilla Patches 29 Vulnerabilities, Prevents MIME Confusion Attacks, in Firefox 50

Mozilla addressed 29 vulnerabilities, three rated critical, when it released the latest iteration of its flagship browser, Firefox 50 and Firefox ESR 45.5, on Tuesday. Firefox developers said this week that it might take some effort, but at least two of the critical bugs could be exploited to run...