Lucene search
K

198 matches found

RedHat Linux
RedHat Linux
added 2023/04/17 2:1 p.m.8 views

Thunderbird: Revocation status of S/Mime recipient certificates was not checked

The Mozilla Foundation Security Advisory describes this flaw as: OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug...

6.5CVSS7.3AI score0.00372EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/04/17 1:56 p.m.6 views

Thunderbird: Revocation status of S/Mime recipient certificates was not checked

The Mozilla Foundation Security Advisory describes this flaw as: OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Thunderbird versions from 68 to 102.9.1 were affected by this bug...

6.5CVSS7.3AI score0.00372EPSS
Exploits0References5
F5 Networks
F5 Networks
added 2023/03/13 4:46 p.m.44 views

K000132946: OpenSSL vulnerability CVE-2023-0215

Security Advisory Description The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The...

7.5CVSS7AI score0.04494EPSS
Exploits0Affected Software16
OSV
OSV
added 2023/03/04 11:5 a.m.13 views

OESA-2023-1142 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

7.5CVSS8.6AI score0.59501EPSS
Exploits0References5
OSV
OSV
added 2023/03/04 11:4 a.m.4 views

OESA-2023-1135 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, C...

7.5CVSS8.7AI score0.59501EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2023/02/28 8:22 a.m.5 views

openssl: use-after-free following BIO_new_NDEF

A use-after-free vulnerability was found in OpenSSL's BIOnewNDEF function. The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be...

7.5CVSS6.6AI score0.04494EPSS
Exploits0References5
OSV
OSV
added 2023/02/16 6:13 p.m.14 views

CLSA-2023-1676571183 Update of nss

Update to CKBI 2.60 from NSS 3.86 - Added: - Certificate "Autoridad de Certificacion Firmaprofesional CIF A62634068" - Certificate "Certainly Root E1" - Certificate "Certainly Root R1" - Certificate "DigiCert SMIME ECC P384 Root G5" - Certificate "DigiCert SMIME RSA4096 Root G5" - Certificate...

5.8AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 6:13 a.m.5 views

SUSE CVE-2006-7250

The mimehdrcmp function in crypto/asn1/asnmime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted S/MIME message...

5CVSS8.1AI score0.06989EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 6:5 a.m.2 views

SUSE CVE-2009-0547

Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a signature by modifying the latter copy, a different vulnerability than CVE-2008-5077...

5CVSS7.8AI score0.02216EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 6:4 a.m.2 views

SUSE CVE-2009-0930

Multiple cross-site scripting XSS vulnerabilities in Horde IMP before 4.2.2 and 4.3.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to 1 smime.php, 2 pgp.php, and 3 message.php...

4.3CVSS6AI score0.01604EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:48 a.m.4 views

SUSE CVE-2012-1165

The mimeparamcmp function in crypto/asn1/asnmime.c in OpenSSL before 0.9.8u and 1.x before 1.0.0h allows remote attackers to cause a denial of service NULL pointer dereference and application crash via a crafted S/MIME message, a different vulnerability than CVE-2006-7250...

5CVSS8.3AI score0.06843EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 4:11 a.m.4 views

SUSE CVE-2019-11755

A crafted S/MIME message consisting of an inner encryption layer and an outer SignedData layer was shown as having a valid digital signature, although the signer might have had no access to the contents of the encrypted message, and might have stripped a different signature from the encrypted...

7.5CVSS8.9AI score0.01075EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:21 a.m.2 views

SUSE CVE-2023-0430

Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Mail signed with a revoked certificate would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird 102.7.1...

7.5CVSS8.9AI score0.00372EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2023/02/11 12:0 a.m.59 views

Fedora 37 : openssl (2023-57f33242bc)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-57f33242bc advisory. Rebase to upstream version 3.0.8 Resolves: CVE-2022-4203 Resolves: CVE-2022-4304 Resolves: CVE-2022-4450 Resolves: CVE-2023-0215 Resolves:...

7.5CVSS7.4AI score0.59501EPSS
Exploits0References9
OSV
OSV
added 2023/02/08 10:28 p.m.47 views

GHSA-R7JW-WP68-3XCH openssl-src vulnerable to Use-after-free following `BIO_new_NDEF`

The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...

7.5CVSS7.8AI score0.04494EPSS
Exploits0References11
Github Security Blog
Github Security Blog
added 2023/02/08 10:28 p.m.52 views

openssl-src vulnerable to Use-after-free following `BIO_new_NDEF`

The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...

7.5CVSS7.8AI score0.04494EPSS
Exploits0References12Affected Software1
OSV
OSV
added 2023/02/08 10:21 p.m.44 views

GHSA-VRH7-X64V-7VXQ openssl-src contains `NULL` dereference during PKCS7 data verification

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...

7.5CVSS7.7AI score0.01846EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2023/02/08 10:21 p.m.65 views

openssl-src contains `NULL` dereference during PKCS7 data verification

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...

7.5CVSS7.4AI score0.01846EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2023/02/08 8:15 p.m.2 views

DEBIAN-CVE-2023-0401

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. In case the hash algorithm used for the signature is known to the OpenSSL library but the implementation of the hash algorithm is not available the digest initialization will fail...

7.5CVSS7.4AI score0.01846EPSS
Exploits0References1
OSV
OSV
added 2023/02/08 8:15 p.m.15 views

AZL-13301 CVE-2023-0215 affecting package cloud-hypervisor for versions less than 30.0-2

The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...

7.5CVSS6.6AI score0.04494EPSS
Exploits0References1
Rows per page
Query Builder