Mozilla: OpenPGP revocation information was ignored
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as...
RHEL 8 : thunderbird (RHSA-2022:1301)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:1301 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.8.0. Security Fixes: Mozilla:...
Oracle Linux 8 : thunderbird (ELSA-2022-1301)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-1301 advisory. 91.8.0-1.0.1: Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js. 91.8.0-1: Update to 91.8.0. Tenable has extracted...
A vulnerability in the Mbed TLS implementation of TLS and SSL stems from errors in the certificate validation process and allows attackers to compromise the integrity of data.
The vulnerability in the Mbed TLS implementation of TLS and SSL is related to incorrect use of the revocationDate check. Exploiting this vulnerability allows a remote attacker to compromise the integrity of data...
CVE-2022-1197
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as...
UBUNTU-CVE-2022-1197
When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as non-revoked. Revocation statements that used another revocation reason, or that didn't specify a...
Involve governor to run this function
Lines of code. Vulnerability details. Impact: Governor is an important role in revoking role decision, so it is recommended to involve it by using "onlyGoverner" modifier or using "onlyGovernerOrGaurdian" modifier in calling this function. Proof of Concept. Tools Used: Manual analysis. Recommended...
PT-2022-3819 · Mozilla · Thunderbird
Name of the Vulnerable Software and Affected Versions: Thunderbird versions prior to 91.8 Description: The issue is related to errors when updating the OpenPGP digital signature, which can allow a remote attacker to perform a spoofing attack. Specifically, when importing a revoked key that...
CVE-2022-22332
IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for the JWT token. IBM X-Force ID: 219131...
CVE-2021-36775
CVE-2021-36775 is an Improper Access Control issue in SUSE Rancher. The vulnerability allows users to retain privileges that should have been revoked. Affected Rancher versions are prior to 2.4.18, prior to 2.5.12, and prior to 2.6.3. Patched releases are 2.4.18, 2.5.12, 2.6.3 and later. This adv...
IBM Sterling Partner Engagement Manager Security Vulnerability
IBM Sterling Partner Engagement Manager is an automation management tool from IBM, U.S.A. An access control error vulnerability exists in IBM Sterling Partner Engagement Manager version 6.2.0, which stems from the lack of a revocation mechanism for JWT tokens. An attacker could exploit the...
Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to impersonation attack (CVE-2022-22332)
Summary: IBM Sterling Partner Engagement Manager CVE-2022-22332 is vulnerable to impersonation attack due to weakness in the JWT token used as an authentication mechanism in the APIs. The issue has been addressed. Vulnerability Details: CVEID: CVE-2022-22332. DESCRIPTION: IBM Sterling Partner...
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality.
...
CVE-2022-23041
Linux PV device frontends vulnerable to attacks by backends. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Several Linux PV device frontends are using the grant table interfaces for removing access rights of the...
CVE-2022-21170
Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA Ver.3 / Ver.4 using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle...