
2926 matches found

AlpineLinux
added 2025/03/10 7:15 p.m. · 0 views

CVE-2025-26695

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird 136 and Thunderbird 128.8...

CVSS 5.3 · AI score 4.7 · EPSS 0.00144
Exploits: 0 · References: 3

OSV
added 2025/03/10 7:15 p.m. · 10 views

CVE-2025-26695

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird 136 and Thunderbird 128.8...

CVSS 5.3 · AI score 9.2
Exploits: 0 · References: 3

OSV
added 2025/03/10 7:15 p.m. · 2 views

DEBIAN-CVE-2025-26695

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...

CVSS 5.3 · AI score 5.2 · EPSS 0.00144
Exploits: 0 · References: 1

OSV
added 2025/03/10 7:15 p.m. · 2 views

UBUNTU-CVE-2025-26695

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability affects Thunderbird 136 and Thunderbird 128.8...

CVSS 5.3 · AI score 5.4 · EPSS 0.00144
Exploits: 0 · References: 7

Debian CVE
added 2025/03/10 6:41 p.m. · 9 views

CVE-2025-26695

When requesting an OpenPGP key from a WKD server, an incorrect padding size was used and a network observer could have learned the length of the requested email address. This vulnerability was fixed in Thunderbird 136 and Thunderbird 128.8...

CVSS 5.3 · AI score 5.2 · EPSS 0.00144
Exploits: 0

CNNVD
added 2025/03/10 12:0 a.m. · 1 views

Mozilla Thunderbird Security Vulnerability

Mozilla Thunderbird is an e-mail client from the Mozilla Foundation (United States), developed independently of the Mozilla Application Suite. The program supports the IMAP and POP mail protocols and the HTML mail format. A code issue vulnerability exists in Mozilla Thunderbird versions prior to 136 and prior ...

CVSS 5.3 · AI score 6.8 · EPSS 0.00144
Exploits: 0 · References: 5

Tenable Nessus
added 2025/03/06 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-49997

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: ethernet: lantiq_etop: fix memory disclosure When applying padding, the buffer is not zeroed, which results in memory disclosure. The mentioned data is...

CVSS 7.5 · AI score 7.2 · EPSS 0.01087
Exploits: 0 · References: 3

Tenable Nessus
added 2025/03/05 12:0 a.m. · 7 views

Linux Distros Unpatched Vulnerability : CVE-2024-2467

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a...

CVSS 5.9 · AI score 6.3 · EPSS 0.00516
Exploits: 0 · References: 4

Tenable Nessus
added 2025/03/04 12:0 a.m. · 9 views

Linux Distros Unpatched Vulnerability : CVE-2014-3566

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle...

CVSS 4.3 · AI score 6.8 · EPSS 0.99999
Exploits: 5 · References: 4

Tenable Nessus
added 2025/03/04 12:0 a.m. · 12 views

Linux Distros Unpatched Vulnerability : CVE-2019-1559

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respon...

CVSS 5.9 · AI score 6.3 · EPSS 0.17139
Exploits: 0 · References: 2

Tenable Nessus
added 2025/03/04 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2019-1563

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number...

CVSS 4.3 · AI score 6.2 · EPSS 0.03338
Exploits: 0 · References: 3

Tenable Nessus
added 2025/03/03 12:0 a.m. · 8 views

Linux Distros Unpatched Vulnerability : CVE-2011-4108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote...

CVSS 4.3 · AI score 7.4 · EPSS 0.15757
Exploits: 0 · References: 2

Tenable Nessus
added 2025/03/03 12:0 a.m. · 9 views

Linux Distros Unpatched Vulnerability : CVE-2010-2057

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, 1.2.x before 1.2.9, and 2.0.x before 2.0.1 uses an encrypted View State without a Message...

CVSS 5 · AI score 7.2 · EPSS 0.03125
Exploits: 0 · References: 1

OSV
added 2025/02/26 7:0 a.m. · 1 views

DEBIAN-CVE-2022-49044

In the Linux kernel, the following vulnerability has been resolved: dm integrity: fix memory corruption when tag_size is less than digest size It is possible to set up dm-integrity in such a way that the "tag_size" parameter is less than the actual digest size. In this situation, a part of the dige...

CVSS 7.8 · AI score 5.8 · EPSS 0.00263
Exploits: 0 · References: 1

OSV
added 2025/02/26 7:0 a.m. · 1 views

UBUNTU-CVE-2022-49044

In the Linux kernel, the following vulnerability has been resolved: dm integrity: fix memory corruption when tag_size is less than digest size It is possible to set up dm-integrity in such a way that the "tag_size" parameter is less than the actual digest size. In this situation, a part of the dige...

CVSS 7.8 · AI score 6.2 · EPSS 0.00263
Exploits: 0 · References: 9

RedHat Linux
added 2025/02/19 1:0 a.m. · 3 views

kernel: xfrm: fix one more kernel-infoleak in algo dumping

A vulnerability was found in the xfrm module in the Linux Kernel. This issue was discovered during fuzz testing, where uninitialized memory containing potentially sensitive data was inadvertently copied to user-space. This issue occurs when dumping IPsec algorithm data structures, exposing random...

CVSS 5.5 · AI score 7.2 · EPSS 0.00254
Exploits: 0 · References: 5

SUSE CVE
added 2025/02/14 5:50 a.m. · 2 views

SUSE CVE-2024-2408

The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817...

CVSS 5.9 · AI score 5.9 · EPSS 0.01158
Exploits: 1 · References: 3

Positive Technologies
added 2025/02/13 12:0 a.m. · 3 views

PT-2025-10625 · Mozilla +4 · Thunderbird +4

Name of the Vulnerable Software and Affected Versions: Thunderbird versions prior to 136; Thunderbird versions prior to 128.8. Description: The issue arises when requesting an OpenPGP key from a WKD server, where an incorrect padding size was used. This could allow a network observer to learn the...

CVSS 9.8 · AI score 4.5 · EPSS 0.1307
Exploits: 3 · References: 286

AstraLinux
added 2025/02/11 7:35 a.m. · 2 views

Astra Linux – Vulnerability in opensc

A vulnerability was discovered in OpenSC, where the removal of PKCS1 encryption padding is not implemented in a way that ensures side-channel resistance. This issue may lead to the potential leakage of private data...

CVSS 5.9 · AI score 6.7 · EPSS 0.01156
Exploits: 1 · References: 3

Tenable Nessus
added 2025/02/10 12:0 a.m. · 9 views

Azure Linux 3.0 Security Update: kernel (CVE-2024-49997)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49997 advisory. - In the Linux kernel, the following vulnerability has been resolved: net: ethernet: lantiq_etop: fix memory...

CVSS 7.5 · AI score 6.3 · EPSS 0.01087
Exploits: 0 · References: 2