305 matches found
CVE-2020-28017
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption...
MGASA-2021-0070 Updated mutt packages fix a security vulnerability
It was discovered that Mutt incorrectly handled certain email messages. An attacker could possibly use this issue to cause a denial of service because rfc822.c in Mutt through 2.0.4 allows remote attackers to cause a denial of service (mailbox unavailability) by sending email messages with sequence...
CentOS 8 : spamassassin (CESA-2020:4625)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2020:4625 advisory. - spamassassin: crafted configuration files can run system commands without any output or errors (CVE-2018-11805) - spamassassin: crafted email message c...
EulerOS 2.0 SP8 : dovecot (EulerOS-SA-2021-1139)
According to the versions of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controll...
Fedora 32 : 1:dovecot (2021-c90cb486f7)
The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-c90cb486f7 advisory. - An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled...
CVE-2020-25275
Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts...
[ASA-202101-2] roundcubemail: cross-site scripting
Arch Linux Security Advisory ASA-202101-2. Severity: High. Date: 2021-01-04. CVE-ID: CVE-2020-35730. Package: roundcubemail. Type: cross-site scripting. Remote: Yes. Link: https://security.archlinux.org/AVG-1388. Summary: The package roundcubemail...
Cisco Jabber Input Validation Error Vulnerability
Cisco Jabber is a set of unified communications client solutions from Cisco, a United States company. The solution provides online status display, instant messaging, voice, and other features. Cisco Jabber suffers from an Input Validation Error vulnerability, which is caused by the software...
CVE-2020-14258
HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected...
Input validation
HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected...
Input validation
HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1...
CVE-2020-14230
HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1...
Design/Logic Flaw
A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The...
Input validation
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper validation of incoming emails. An attacker could exploit...
CVE-2020-3133 Cisco Email Security Appliance Content Filter Bypass Vulnerability
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper validation of incoming emails. An attacker could exploit...
Important: dovecot
Issue Overview: In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. A flaw was found in dovecot. An attacker can use the way dovecot handles RPA (Remote Passphrase Authentication) to crash the authentication proce...
Dovecot Denial of Service Vulnerability (CNVD-2020-46785)
Dovecot is an open source IMAP and POP3 mail server for Linux/UNIX-like systems. A security vulnerability exists in Dovecot versions prior to 2.3.11.3. A remote attacker can exploit this vulnerability to cause a denial of service (resource consumption) via a specially crafted e-mail message...
DEBIAN-CVE-2020-12100
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts...
CVE-2020-11066
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary...