80 matches found
UBUNTU-CVE-2022-0741
Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses...
CVE-2022-20653
A vulnerability in the DNS-based Authentication of Named Entities DANE email verification component of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability...
CVE-2021-34741
A vulnerability in the email scanning algorithm of Cisco AsyncOS software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to perform a denial of service DoS attack against an affected device. This vulnerability is due to insufficient input validation of...
Cross-site Scripting (XSS)
otrs2:sid is vulnerable to cross-site scripting. It's possible to collect various information by having an e-mail shown in the overview screen. Attack can be performed by sending specially crafted e-mail to the system and it doesn't require any user intraction...
CVE-2020-7761
This affects the package @absolunet/kafe before 3.2.10. It allows cause a denial of service when validating crafted invalid emails...
Regular Expression Denial of Service (ReDoS)
Overview djvalidator is a DjValidator is the jquery plugin for validating web forms, simpler, faster to use and flexible, it does not depend on any UI framework. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS by sending crafted invalid emails - for...
DEBIAN-CVE-2019-15961
A vulnerability in the email parsing module Clam AntiVirus ClamAV Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in...
UBUNTU-CVE-2019-15961
A vulnerability in the email parsing module Clam AntiVirus ClamAV Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in...
Microsoft Outlook for Android Spoofing Vulnerability
Microsoft Outlook for Android is an email application for the Android-based platform from Microsoft USA. A spoofing vulnerability exists in the way Microsoft Outlook for Android parses specially crafted emails. An attacker could exploit this vulnerability by sending a specially crafted email to a...
Microsoft Outlook Elevation of Privilege Vulnerability (CNVD-2019-40535)
Microsoft Outlook is a personal information management system software with features such as sending and receiving e-mail, calendars and more. An elevation of privilege vulnerability exists in Microsoft Outlook, which arises from a failure to adequately validate the format of incoming emails as...
PT-2019-2996 · Microsoft · Outlook Ios
Name of the Vulnerable Software and Affected Versions: Microsoft Outlook iOS affected versions not specified Description: The issue exists due to insufficient input validation in the Microsoft Outlook iOS software. This allows a remote attacker to perform cross-site scripting attacks, potentially...
SUSE SLED12 / SLES12 Security Update : spamassassin (SUSE-SU-2019:1961-1)
This update for spamassassin to version 3.4.2 fixes the following issues : Security issues fixed : CVE-2017-15705: Fixed denial of service via unclosed tags in crafted emails bsc1108745. CVE-2018-11781: Fixed a code injection in the meta rule syntax by local users bsc1108748. CVE-2018-11780: Fixe...
CVE-2019-1933
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper input validation of certain email fields. An attacker cou...
SUSE-SU-2019:1266-2 Security update for evolution
This update for evolution fixes the following issues: Security issue fixed: - CVE-2018-15587: Fixed an issue with spoofed pgp signatures by using specially crafted emails bsc1125230...
Microsoft Outlook for Android Spoofing Vulnerability
Microsoft Outlook for Android is an email application for the Android-based platform from Microsoft USA. A security vulnerability exists in Microsoft Outlook for Android. An attacker can exploit this vulnerability by sending a specially crafted email message to perform a cross-site scripting atta...
Important Flaw in Outlook App for Android Affects Over 100 Millions Users
Update 22 June 2019 — More technical details and proof-of-concept for the OutLook for Android vulnerability has been released that we have covered in a separate article here. Microsoft today released an updated version of its "Outlook for Android" that patches an important security vulnerability ...
Mozilla Thunderbird heap buffer overflow vulnerability (CNVD-2019-19317)
Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP, POP mail protocols and HTML mail format. A buffer overflow vulnerability exists in the icalvalue.c file in Mozilla Thunderbird...
The vulnerability of the Outlook Web Access email server component of the Microsoft Exchange Server allows a attacker to compromise the confidentiality and integrity of the protected information.
The vulnerability of the Outlook Web Access OWA component of the Microsoft Exchange Server email server is related to errors in processing web requests. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of protected information through speciall...
sLoad Banking Trojan Downloader Displays Sophisticated Recon and Targeting
A new PowerShell downloader dubbed sLoad is making the rounds, sporting impressive reconnaissance tactics and a penchant for geofencing, which indicate increasing sophistication when it comes to targeting efforts. First spotted in May 2018, sLoad typically delivers the Ramnit banking trojan but h...
spamassassin: Certain unclosed tags in crafted emails allow for scan timeouts and result in denial of service
A flaw was found in the way SpamAssassin processes HTML email containing unclosed HTML tags. A carefully crafted mail message could cause SpamAssassin to consume significant resources. If a large number of these messages are sent, a denial of service could occur potentially delaying or preventing...