7 matches found
RNP 安全漏洞
RNP is a C++ library open-sourced by RNP. A security vulnerability exists in RNP version 0.18.0 that stems from an uninitialized symmetric session key used in PKESK packets, which could lead to a complete breach of confidentiality...
Fedora 36 : rnp (2023-609db87741)
The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-609db87741 advisory. Version 0.16.3 2023-04-11 Security Fixed issue with possible hang on malformed inputs CVE-2023-29479. Fixed issue where in some cases, secret keys...
Code injection
An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid...
Oracle Linux 7 : thunderbird (ELSA-2021-1192)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-1192 advisory. 78.9.1-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 78.9.1-1 - Update to 78.9.1 Tenable has extracted...
Oracle Linux 8 : thunderbird (ELSA-2021-1193)
The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-1193 advisory. 78.9.1-1.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 78.9.1-1 - Update to 78.9.1 Tenable has extracted...
Mozilla: Inability to send encrypted OpenPGP email after importing a crafted OpenPGP key
An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid...
CVE-2021-23993
An attacker may perform a DoS attack to prevent a user from sending encrypted email to a correspondent. If an attacker creates a crafted OpenPGP key with a subkey that has an invalid self signature, and the Thunderbird user imports the crafted key, then Thunderbird may try to use the invalid...