18 matches found
CVE-2025-65318
When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software...
EUVD-2025-203807
When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software...
CVE-2025-65318
When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software...
CVE-2025-65318
When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software...
CVE-2025-65318
When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software...
Canary Mail 安全漏洞
Canary Mail is an email client application from Canary Mail, Inc. in the United States. A security vulnerability exists in Canary Mail version 5.1.40 and earlier, which stems from a failure to add the Mark-of-the-Web tag when saving a document, which could lead to a bypass of the file protection...
CVE-2025-65318
CVE-2025-65318 : Red Hat and NVD/NVD-derived records describe a vulnerability in Canary Mail 5.1.40 and earlier where saving documents via the attachment interaction leads to files being written to the filesystem without a Mark-of-the-Web tag. This tag omission can bypass built-in file protection...
CVE-2025-65318
When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software...
Exploit for CVE-2025-65318
PoC for CVE-2025-65318 and CVE-2025-65319 - CVE-2025-65318...
PT-2025-51552
Name of the Vulnerable Software and Affected Versions Canary Mail affected versions not specified Blue Mail affected versions not specified Description A flaw exists in the data protection mechanisms of email clients. Remote attackers may be able to conduct phishing attacks by exploiting this...
EUVD-2021-13695
Malware in sbrugna...
CVE-2021-26911
core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode...
CVE-2021-26911
core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode...
CVE-2021-26911
core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode...
Code injection
core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode...
CVE-2021-26911
Canary Mail is affected by CVE-2021-26911 (CVE entry). The vulnerability is in core/imap/MCIMAPSession.cpp and manifests in IMAP STARTTLS mode due to missing SSL certificate validation, affecting Canary Mail versions prior to 3.22. The CVSS data in the connected records indicates a network-expose...
CVE-2021-26911
core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode...
Canary mail trust management issue vulnerability
Canary mail is a software application from Canary Corporation in the United States. It provides an encrypted e-mail function feature. A trust management issue vulnerability exists in Canary Mail, which arises from the lack of SSL certificate validation for IMAP in STARTTLS mode...