442 matches found
CVE-2023-43767
Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 1...
WithSecure products Security breaches
WithSecure products is a line of security software from the Finnish company WithSecure. A security vulnerability in WithSecure products exists because the antivirus engine may crash when scanning for fuzzy PE32 files, which could be exploited by an attacker to cause a denial of service DoS of the...
WithSecure products Security breaches
WithSecure products is a line of security software from the Finnish company WithSecure. A security vulnerability in WithSecure products exists because the antivirus engine may crash when scanning for fuzzy PE32 files, which could be exploited by an attacker to cause a denial of service DoS of the...
WithSecure products Security breaches
WithSecure products is a line of security software from the Finnish company WithSecure. A security vulnerability exists in WithSecure products, which originates from the aepack archive unpack handler program that allows a local user to perform a denial of service on a system and bypass security...
PT-2023-28974 · Withsecure · Withsecure Elements Endpoint Protection +5
Name of the Vulnerable Software and Affected Versions: WithSecure Client Security version 15 WithSecure Server Security version 15 WithSecure Email and Server Security version 15 WithSecure Elements Endpoint Protection versions 17 and later WithSecure Client Security for Mac version 15 WithSecure...
CVE-2023-3251
A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application.This issue affects Nessus: before 10.6.0...
New Wave of Attack Campaign Targeting Zimbra Email Users for Credential Theft
A new "mass-spreading" social engineering campaign is targeting users of the Zimbra Collaboration email server with an aim to collect their login credentials for use in follow-on operations. The activity, active since April 2023 and still ongoing, targets a wide range of small and medium business...
North Korean Hackers Targets Russian Missile Engineering Firm
Two different North Korean nation-state actors have been linked to a cyber intrusion against NPO Mashinostroyeniya, a major Russian missile engineering company. Cybersecurity firm SentinelOne said it identified "two instances of North Korea related compromise of sensitive internal IT...
CVE-2023-38686 Sydent does not verify email server certificates
Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle MITM attack. Attackers with...
CVE-2023-2389
A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewalllogsemail.htm of the component Web Management Interface. The manipulation of the argument smtpServer.emailServer leads to...
CVE-2023-2383
A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been classified as problematic. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewalllogsemail.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cro...
PT-2023-2603 · NetGear · Netgear Srx5308
Name of the Vulnerable Software and Affected Versions: Netgear SRX5308 versions up to 4.3.5-3 Description: The issue exists due to insufficient input validation in the web management interface of the Netgear SRX5308 router's embedded software. This allows a remote attacker to conduct a cross-site...
BulletProof FTP Server 2019.0.0.51 Denial Of Service
Exploit Title: BulletProof FTP Server 2019.0.0.51 - Denial of Service Discovery by: Yehia Elghaly - Mrvar0x Discovery Date: 2023-03-31 Vendor Homepage: https://barcodemagic.com/ Software Link: http://bpftpserver.com/products/bpftpserver/windows/download Tested Version: 2019.0.0.51 Tested on:...
The vulnerability of the STARTTLS function in email servers, related to insufficient elimination of special elements in the request, allows attackers to compromise data integrity.
The vulnerability of the STARTTLS function of the Exim mail server is related to insufficient elimination of special elements in the request. Exploiting this vulnerability could allow a malicious actor to compromise data integrity remotely...
Debian: Security Advisory (DLA-0004-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Denial of service vulnerability on Password reset page
Impact Previous versions of Kiwi TCMS do not impose rate limits which makes it easier to attempt denial-of-service attacks against the Password reset page. An attacker could potentially send a large number of emails if they know the email addresses of users in Kiwi TCMS. Additionally that may...
Code injection
Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt denial-of-service attacks against the Password reset page. An attacker could potentially send a large number of emails if they know the email addresses of users...
Kiwi TCMS 安全漏洞
Kiwi TCMS is a leading open source test management system for manual and automated testing from Kiwi TCMS Open Source. A security vulnerability exists in Kiwi TCMS versions prior to 12.0, which stems from the fact that the system is not rate-limited, which makes brute-force attacks on the login...
CVE-2023-25171
Kiwi TCMS before version 12.0 does not implement rate limiting, enabling potential denial-of-service on the Password reset page by flooding with emails and straining SMTP resources. The issue is mitigated by upgrading to v12.0 or later. Workarounds include deploying a rate-limiting proxy in front...
CVE-2023-25171 Kiwi TCMS has denial of service vulnerability on Password reset page
Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt denial-of-service attacks against the Password reset page. An attacker could potentially send a large number of emails if they know the email addresses of users...