61 matches found
Astra Linux - vulnerability in thunderbird
During the plaintext phase of the STARTTLS connection setup, protocol commands could be injected and evaluated within the encrypted session. This vulnerability affects Thunderbird 78.7...
CVE-2025-67897
A flaw was found in Sequoia. This vulnerability allows a remote attacker to crash an application by sending a victim an encrypted message with a crafted Public Key Encrypted Session Key (PKESK) or Symmetric Key Encrypted Session Key (SKESK) packet, which causes aeskeyunwrap to panic when processing ...
UBUNTU-CVE-2025-13470
In RNP version 0.18.0, a refactoring regression causes the symmetric session key used for Public-Key Encrypted Session Key (PKESK) packets to be left uninitialized except for zeroing, resulting in it always being an all-zero byte array. Any data encrypted using public-key encryption in this release...
Unspecified Vulnerability in HCL AION
HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability which is caused due to missing security attributes in the encrypted session SSL cookie. No details of the vulnerability are provided at this time...
CVE-2025-52632
A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION. This issue affects AION: 2.0...
CVE-2025-52632
CVE-2025-52632 affects HCL AION 2.0 and is described as a Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability. The available connected sources confirm the affected product (HCL AION) and the issue arises in encrypted session cookies lacking the Secure attribute, which can exp...
CVE-2025-52632 HCL AION is susceptible to Missing Secure Attribute in Encrypted Session (SSL) Cookie vulnerability
A Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability in HCL AION. This issue affects AION: 2.0...
HCL AION security vulnerability
HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability which is caused due to missing security attributes in the encrypted session SSL cookie. No details of the vulnerability are provided at this time...
EUVD-2023-38106
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-29547
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS...
Linux Distros Unpatched Vulnerability : CVE-2016-10376
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Gajim through 0.16.7 unconditionally implements the XEP-0146: Remote Controlling Clients extension. This can be abused by malicious XMPP servers to, for example...
CVE-2021-38084
An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session...
CVE-2020-29548
An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session...
Fedora 41 : perl-Mojolicious (2025-c38fd06bec)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-c38fd06bec advisory. Mojolicious versions from 0.999922 through 9.39 for Perl use a hard-coded string, or the application's class name, as an HMAC session secret by...
CVE-2023-33982
Summary (CVE-2023-33982): Briar’s Bramble Handshake Protocol (BHP) in Briar versions prior to 1.5.3 is not forward secure. If an attacker later compromises both accounts, they can decrypt traffic between them. The vulnerability is tied to the BHP and is considered impractical to exploit in normal...
K30315990: OpenVPN vulnerability CVE-2016-6329
Security Advisory Description: OpenVPN, when using a 64-bit block cipher, makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTP-over-OpenVPN session using Blowfish in CBC mode, aka a "Sweet32" attac...
SUSE CVE-2020-15685
During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird 78.7...