CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1234 matches found

Fedora•added 2026/05/21 1:28 a.m.•5 views

[SECURITY] Fedora 43 Update: nss-3.123.1-1.fc43

Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

5.8AI score

Exploits0

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в thunderbird

The OCSP revocation status of certificates was not checked when verifying S/Mime signatures. Emails signed with revoked certificates would be displayed as having a valid signature. Thunderbird versions from 68 to 102.7.0 were affected by this bug. This vulnerability affects Thunderbird versions...

6.5CVSS6.7AI score0.00076EPSS

Exploits0References2

AstraLinux•added 2026/05/03 11:59 p.m.•6 views

Astra Linux - уязвимость в nss, thunderbird

NSS Network Security Services versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \7, or PKCS \12 are likely to be impacted. Applications using N...

9.8CVSS8.6AI score0.05243EPSS

Exploits0References1

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в thunderbird

Thunderbird versions prior to 91.3.0 are vulnerable to a heap overflow vulnerability described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain certificates with DER-encoded DSA ...

9.8CVSS7.4AI score0.00327EPSS

Exploits0References1

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux - уязвимость в thunderbird

The OCSP revocation status of recipient certificates was not checked when sending S/MIME encrypted emails. As a result, revoked certificates were accepted. This bug affected Thunderbird versions from 68 to 102.9.1. This vulnerability affects Thunderbird versions earlier than 102.10...

6.5CVSS6.8AI score0.00141EPSS

Exploits0References2

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в thunderbird

The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If this information is present, Thunderbird does not compare the signature creation date with the message date and time, and displays a valid signature even if there is a mismatch...

4.3CVSS6.1AI score0.00288EPSS

Exploits0References2

CVE•added 2026/04/02 8:49 a.m.•5 views

CVE-2026-29143

CVE-2026-29143 affects SEPPmail Secure Email Gateway prior to version 15.0.3. The issue is that the inner S/MIME-encrypted MIME entity is not properly authenticated, enabling an attacker to manipulate trusted headers. The root cause is insufficient verification of the inner message, with potentia...

9.1CVSS5.9AI score0.00059EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/04/02 8:27 a.m.•28 views

CVE-2026-29140 S/MIME Signature Additional Certificate

SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures...

7.7CVSS0.00023EPSS

Exploits0References1

OSV•added 2026/03/04 9:15 a.m.•1 views

CVE-2026-27443

SEPPmail Secure Email Gateway before version 15.0.1 does not properly sanitize the headers from S/MIME protected MIME entities, allowing an attacker to control trusted headers...

7.5CVSS5.8AI score0.00092EPSS

Exploits0References1

Fedora•added 2026/02/05 1:0 a.m.•6 views

[SECURITY] Fedora 43 Update: gnupg2-2.4.9-5.fc43

GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described...

8.4CVSS5.4AI score0.00008EPSS

Exploits1

Debian CVE•added 2026/01/27 6:36 p.m.•4 views

CVE-2026-24881

In GnuPG before 2.5.17, a crafted CMS S/MIME EnvelopedData message carrying an oversized wrapped session key can cause a stack-based buffer overflow in gpg-agent during PKDECRYPT--kem=CMS handling. This can easily be leveraged for denial of service; however, there is also memory corruption that...

9.8CVSS6.7AI score0.00227EPSS

Exploits1

RedhatCVE•added 2026/01/09 12:31 p.m.•7 views

CVE-2023-40440

This issue was addressed with improved state management of S/MIME encrypted emails. This issue is fixed in macOS Monterey 12.6.8. A S/MIME encrypted email may be inadvertently sent unencrypted...

7.5CVSS5.9AI score0.00138EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 12:11 p.m.•7 views

CVE-2018-18513

A crash can occur when processing a crafted S/MIME message or an XPI package containing a crafted signature. This can be used as a denial-of-service DOS attack because Thunderbird reopens the last seen message on restart, triggering the crash again. This vulnerability affects Thunderbird 60.5...

7.5CVSS6.4AI score0.00506EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:35 a.m.•4 views

CVE-2019-7284

This issue was addressed with improved checks. This issue is fixed in iOS 12.2. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing...

4.3CVSS5.8AI score0.00255EPSS

Exploits0References1

Fedora•added 2026/01/05 1:22 a.m.•9 views

[SECURITY] Fedora 43 Update: gnupg2-2.4.9-1.fc43

7.8CVSS6.9AI score0.00016EPSS

Exploits1