CVE-2026-29143

SEPPmail Secure Email Gateway before version 15.0.3 does not properly authenticate the inner message of S/MIME-encrypted MIME entities, allowing an attacker to control trusted headers...

[SECURITY] Fedora 44 Update: nss-3.120.1-1.fc44

Network Security Services NSS is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Applications built with NSS can support SSL v2 and v3, TLS, PKCS 5, PKCS 7, PKCS 11, PKCS 12, S/MIME, X.509 v3 certificates, and other security...

SEPPmail Secure Email Gateway 安全漏洞

SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.1 contained security vulnerabilities. These vulnerabilities stemmed from improper cleaning of headers originating from S/MIME...

CVE-2025-54777

CVE-2025-54777 affects Konica Minolta bizhub series. An uncaught exception in processing S/MIME Email certificates can trigger a DoS that disables the Web Connection feature. The issue is reported across multiple bizhub products; vulnerable component is the S/MIME handling during certificate impo...

Mozilla: S/MIME signature accepted despite mismatching message date

The Mozilla Foundation Security Advisory: The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despi...

Mozilla: S/MIME signature accepted despite mismatching message date

The Mozilla Foundation Security Advisory: The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despi...

ALPINE-CVE-2023-0215

The public API function BIOnewNDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. The function receives a BIO from the...

libksba: integer overflow to code execution

A vulnerability was found in the Libksba library, due to an integer overflow within the CRL's signature parser. This issue can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment...

Mozilla Thunderbird 缓冲区错误漏洞

Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The software supports IMAP, POP mail protocols, and HTML mail formats. Mozilla Thunderbird suffers from a buffer error vulnerability that originates from a...

Mozilla: Covert Content Attack on S/MIME encryption using a crafted multipart/alternative message

Encrypted S/MIME parts in a crafted multipart/alternative message can leak plaintext when included in a a HTML reply/forward. This vulnerability affects Thunderbird 68.1 and Thunderbird 60.9...

DEBIAN-CVE-2018-18509

A flaw during verification of certain S/MIME signatures causes emails to be shown in Thunderbird as having a valid digital signature, even if the shown message contents aren't covered by the signature. The flaw allows an attacker to reuse a valid S/MIME signature to craft an email message with...

The vulnerability of the Secure/Multipurpose Internet Mail Extensions (S/MIME) function in the Cisco AsyncOS operating system allows a perpetrator to trigger a service failure.

The vulnerability of the Secure/Multipurpose Internet Mail Extensions S/MIME function in the Cisco AsyncOS operating system is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service interruptions by sending a specially crafted...