Default credentials

edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name...

Cisco Email Security Appliance Content Filter Bypass Vulnerability (cisco-sa-20190417-esa-filter-bypass)

According to its self-reported version, Cisco Email Security Appliance ESA is affected by following vulnerability - A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass configured...

Cisco Email Security Appliance Content Filter Bypass Vulnerability

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper input validation of certain email fields. An attacker cou...

Cisco Email Security Appliance Content Filter Bypass Vulnerability

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker...

UBUNTU-CVE-2018-15586

Enigmail before 2.0.6 is prone to to OpenPGP signatures being spoofed for arbitrary messages using a PGP/INLINE signature wrapped within a specially crafted multipart HTML email...

The vulnerability of the Microsoft Exchange Server mail server, related to errors in memory object processing, allows a hacker to execute arbitrary code.

The vulnerability of Microsoft Exchange Server exists due to errors in memory object handling. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the system user by sending a specially crafted email message...

CVE-2018-15460

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances ESA could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service DoS condition on an affected device. The...

Apple macOS Mojave Mail UI Spoofing Vulnerability

Apple macOS Mojave is a specialized operating system developed by Apple Inc. for Mac computers.The App Store is a platform for online distribution of applications.Mail is an email component of the... A security vulnerability exists in the Mail component of Apple macOS Mojave version 10.14. The...

Description of the security update for Outlook 2013: October 9, 2018

Description of the security update for Outlook 2013: October 9, 2018 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Security Advisory...

Multiple Cobalt Personality Disorder

Introduction Despite the notion that modern cybersecurity protocols have stopped email-based attacks, email continues to be one of the primary attack vectors for malicious actors — both for widespread and targeted operations. Recently, Cisco Talos has observed numerous email-based attacks that ar...

IBM iNotes Information Disclosure Vulnerability (CNVD-2018-19429)

IBM iNotes also known as IBM Lotus iNotes is a set of Web-based e-mail software from IBM in the United States. The software helps different types of users online and offline users to effectively manage business-critical information and collaboration. An information disclosure vulnerability exists...

Threat Outbreak Alert RuleID32460: Email Messages Distributing Malicious Software on April 13, 2018

Medium Alert ID: 57481 First Published: 2018 April 13 19:22 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID32460 may contain the following files: Name | Si...

Out-of-bounds

A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the...

CVE-2017-14461

A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the...

CVE-2017-14461

A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the...

Threat Outbreak Alert RuleID32015: Email Messages Distributing Malicious Software on February 20, 2018

Medium Alert ID: 56873 First Published: 2018 February 20 16:42 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID32015 may contain the following files: Name |...

CVE-2017-17752

Ability Mail Server 3.3.2 has Cross Site Scripting XSS via the body of an e-mail message, with JavaScript code executed on the Read Mail screen aka the /readmail URI. This is fixed in version 4.2.4...

Design/Logic Flaw

An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Mail" component. It allows remote attackers to bypass an intended off value of the "Load remote content in messages" setting, and consequently discover an e-mail recipient's IP address, via ...

Description of the security update for Outlook 2016: October 10, 2017

Description of the security update for Outlook 2016: October 10, 2017 Summary This security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see Microsoft Common...

Threat Outbreak Alert RuleID30772: Email Messages Distributing Malicious Software on September 28, 2017

Medium Alert ID: 55406 First Published: 2017 September 28 16:52 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID30772 may contain the following files: Name ...