Lucene search
K

62 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in nss, Thunderbird

Versions of NSS Network Security Services prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications that use NSS to handle signatures encoded within CMS, S/MIME, PKCS \7, or PKCS \12 are likely to be affected. Applications that...

9.8CVSS7.1AI score0.17563EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/02 9:30 a.m.5 views

EUVD-2026-18160

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures...

7.7CVSS5.9AI score0.0012EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/02 8:27 a.m.31 views

CVE-2026-29140 S/MIME Signature Additional Certificate

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures...

7.7CVSS0.0012EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-28075

Malicious code in bioql PyPI...

8.2CVSS6.6AI score0.00329EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-12487

Malicious code in bioql PyPI...

6.5CVSS7.8AI score0.00372EPSS
Exploits0References14
NVD
NVD
added 2025/01/09 3:15 p.m.8 views

CVE-2023-24011

An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...

8.2CVSS0.00329EPSS
Exploits0References2
NVD
NVD
added 2025/01/09 3:15 p.m.6 views

CVE-2023-24012

An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...

8.2CVSS0.00271EPSS
Exploits1References2
OSV
OSV
added 2025/01/09 3:15 p.m.3 views

UBUNTU-CVE-2023-24010

An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...

8.2CVSS5.9AI score0.00326EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/01/09 2:36 p.m.7 views

CVE-2023-24011 Data Distribution Service (DDS) Chain of Trust (CoT) violation vulnerability in Cyclone DDS

An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...

8.2CVSS8.1AI score0.00329EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/01/09 2:36 p.m.7 views

CVE-2023-24010

An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...

8.2CVSS5.4AI score0.00326EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/01/02 9:6 a.m.7 views

Mozilla: S/MIME signature accepted despite mismatching message date

The Mozilla Foundation Security Advisory: The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despi...

4.3CVSS7.3AI score0.00633EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/12/19 12:0 a.m.4 views

Mozilla Thunderbird Security Vulnerability

Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP and POP mail protocols as well as the HTML mail format. A security vulnerability exists in Mozilla Thunderbird version 115.6, which...

4.3CVSS6.7AI score0.00633EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2023/06/02 5:15 p.m.2 views

CVE-2023-0430

Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird 102.7.1...

6.5CVSS6.7AI score0.00372EPSS
Exploits0References3
OSV
OSV
added 2023/06/02 5:15 p.m.2 views

DEBIAN-CVE-2023-0430

Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird 102.7.1...

6.5CVSS6.5AI score0.00372EPSS
Exploits0References1
OSV
OSV
added 2023/06/02 5:15 p.m.7 views

CVE-2023-0430

Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird 102.7.1...

6.5CVSS6.2AI score
Exploits0References2
OSV
OSV
added 2023/06/02 5:15 p.m.4 views

UBUNTU-CVE-2023-0430

Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird 102.7.1...

6.5CVSS5.8AI score0.00372EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2023/06/02 12:0 a.m.4 views

CVE-2023-0430

Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird 102.7.1...

6.3AI score0.00372EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/02/20 12:0 a.m.26 views

Debian dla-3324 : thunderbird - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3324 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3324-1 [email protected]...

8.8CVSS8.2AI score0.00892EPSS
Exploits0References42
Tenable Nessus
Tenable Nessus
added 2023/02/19 12:0 a.m.44 views

Debian DSA-5355-1 : thunderbird - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5355 advisory. Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the stable distribution...

8.8CVSS8.3AI score0.00892EPSS
Exploits0References43
CNVD
CNVD
added 2023/02/09 12:0 a.m.4 views

Mozilla Thunderbird Trust Management Issues Vulnerability

Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP, POP mail protocols and HTML mail format. Mozilla Thunderbird suffers from a trust management issue because it fails to check the...

6.5CVSS6.3AI score0.00372EPSS
Exploits0References1
Rows per page
Query Builder