PT-2024-14283 · Apache · Apache James

Name of the Vulnerable Software and Affected Versions: Apache James versions prior to 3.8.1 and 3.7.5 Description: A lenient behavior in line delimiter handling might create a difference of interpretation between the sender and the receiver, which can be exploited by an attacker to forge an SMTP...

CVE-2023-40711

Veilid before 0.1.9 does not check the size of uncompressed data during decompression upon an envelope receipt, which allows remote attackers to cause a denial of service out-of-memory abort via crafted packet data, as exploited in the wild in August 2023...

PT-2023-27609 · Veilid · Veilid

Name of the Vulnerable Software and Affected Versions: Veilid versions prior to 0.1.9 Description: The issue allows remote attackers to cause a denial of service out-of-memory abort via crafted packet data. This is due to the lack of size checking for uncompressed data during decompression upon a...

VulnCheck KEV: CVE-2023-40711

Veilid before 0.1.9 does not check the size of uncompressed data during decompression upon an envelope receipt, which allows remote attackers to cause a denial of service out-of-memory abort via crafted packet data, as exploited in the wild in August 2023...

SUSE CVE-2006-3668

Heap-based buffer overflow in the itreadenvelope function in Dynamic Universal Music Bibliotheque DUMB 0.9.3 and earlier and current CVS as of 20060716, including libdumb, allows user-assisted attackers to execute arbitrary code via a ".it" Impulse Tracker file with an envelope with a large numbe...

SUSE CVE-2008-4907

The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service persistent crash via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsi...

SUSE CVE-2020-6793

When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird 68.5...

bencode (>=0.1.1 <=0.1.8), bincode (>=0.0.3 <=0.0.9) +49 more potentially affected by unknown CVE via rustc-serialize (>=0.1.5 <=0.3.22)

rustc-serialize CARGO version =0.1.5, =0.1.1, =0.0.3, =0.1.12, =0.1.2, =0.5.3, =0.5.2, =0.5.1, =0.1.4, =0.1.8, =0.6.41, =0.6.42 - docoptmacros =0.6.42 - email =0.0.9 - envelope =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-2226-4V3C-CFF8...

Failure to verify the public key of a `SignedEnvelope` against the `PeerId` in a `PeerRecord`

Affected versions of this crate did not check that the public key the signature was created with matches the peer ID of the peer record. Any combination was considered valid. This allows an attacker to republish an existing PeerRecord with a different PeerId...

Open-Xchange: Null dereference in `cmd_denotify_operation_execute`

To reproduce, run test suite on following input : require "vnd.dovecot.testsuite"; require "notify"; require "envelope"; test "D Middle" // notify :options "timo@exat"; denotify :is "noot"; if not testresultexecute testfail "fat"; Output is with ASAN enabled stack trace...

CompleteFTP Professional 12.1.3 - Remote Code Execution

Exploit Title: CompleteFTP Professional 12.1.3 - Remote Code Execution Date: 2020-03-11 Exploit Author: 1F98D Original Author: Rhino Security Labs Vendor Homepage: https://enterprisedt.com/products/completeftp/ Version: CompleteFTP Professional Tested on: Windows 10 x64 CVE: CVE‑2019‑16116...

NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0025)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability...

Fedora 30 : opensmtpd (2020-31216ab928)

Release 6.6.4p1 2020-02-24 --- - An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the smtpq group. Release 6.6.3p1...

DEBIAN-CVE-2020-6793

When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird 68.5...

CVE-2020-6793

When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird 68.5...

CVE-2020-6793

When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird 68.5...

UBUNTU-CVE-2020-6793

When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird 68.5...

CVE-2020-6793

When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird 68.5...

CVE-2020-6793

When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird 68.5...

Mozilla: Out-of-bounds read when processing certain email messages

When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird 68.5...