62 matches found
Astra Linux – Vulnerability in nss, Thunderbird
Versions of NSS Network Security Services prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications that use NSS to handle signatures encoded within CMS, S/MIME, PKCS \7, or PKCS \12 are likely to be affected. Applications that...
EUVD-2026-18160
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures...
CVE-2026-29140 S/MIME Signature Additional Certificate
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures...
EUVD-2023-28075
Malicious code in bioql PyPI...
EUVD-2023-12487
Malicious code in bioql PyPI...
CVE-2023-24011
An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...
CVE-2023-24012
An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...
UBUNTU-CVE-2023-24010
An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...
CVE-2023-24011 Data Distribution Service (DDS) Chain of Trust (CoT) violation vulnerability in Cyclone DDS
An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...
CVE-2023-24010
An attacker can arbitrarily craft malicious DDS Participants or ROS 2 Nodes with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS7 certificate’s validation. This is caused by a...
Mozilla: S/MIME signature accepted despite mismatching message date
The Mozilla Foundation Security Advisory: The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despi...
Mozilla Thunderbird Security Vulnerability
Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP and POP mail protocols as well as the HTML mail format. A security vulnerability exists in Mozilla Thunderbird version 115.6, which...
CVE-2023-0430
Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird 102.7.1...
DEBIAN-CVE-2023-0430
Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird 102.7.1...
CVE-2023-0430
Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird 102.7.1...
UBUNTU-CVE-2023-0430
Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird 102.7.1...
CVE-2023-0430
Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird 102.7.1...
Debian dla-3324 : thunderbird - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3324 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3324-1 [email protected]...
Debian DSA-5355-1 : thunderbird - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5355 advisory. Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the stable distribution...
Mozilla Thunderbird Trust Management Issues Vulnerability
Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP, POP mail protocols and HTML mail format. Mozilla Thunderbird suffers from a trust management issue because it fails to check the...