117 matches found
DEBIAN-CVE-2025-3875
Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an invalid value "Spoofed Name ", Thunderbird treats [email protected] as the actual address. This vulnerability was fixed ...
UBUNTU-CVE-2025-3875
Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an invalid value "Spoofed Name ", Thunderbird treats [email protected] as the actual address. This vulnerability was fixed ...
Command Injection
swiftmailer/swiftmailer is vulnerable to Command Injection. The vulnerability is due to improper handling of the "From" header when it comes from a non-trusted source and when no "Return-Path" is configured, which allows an attacker to execute arbitrary shell commands...
PT-2024-40065 · Typo3 +1 · Typo3 +1
Name of the Vulnerable Software and Affected Versions: TYPO3 affected versions not specified Description: The issue allows execution of arbitrary shell commands if the "From" header comes from a non-trusted source and no "Return-Path" is configured. This is specifically related to the swiftmailer...
PT-2024-40077 · Unknown · Swiftmailer
Name of the Vulnerable Software and Affected Versions: SwiftMailer versions prior to 5.2.1 Description: The issue allows for arbitrary shell execution if the From header comes from a non-trusted source and no Return-Path is configured. This can be exploited when using the sendmail transport,...
FreeBSD : OpenDMARC - Remote denial of service (ede832bf-6576-11ec-a636-000c29061ce6)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ede832bf-6576-11ec-a636-000c29061ce6 advisory. - OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service NULL pointer...
tar: heap buffer overflow at from_header() in list.c via specially crafted checksum
A flaw was found in the Tar package. When attempting to read files with old V7 tar format with a specially crafted checksum, an invalid memory read may occur. An attacker could possibly use this issue to expose sensitive information or cause a crash...
tar: heap buffer overflow at from_header() in list.c via specially crafted checksum
A flaw was found in the Tar package. When attempting to read files with old V7 tar format with a specially crafted checksum, an invalid memory read may occur. An attacker could possibly use this issue to expose sensitive information or cause a crash...
OESA-2023-1104 tar security update
GNU Tar provides the ability to create tar archives, as well as various other kinds of manipulation. For example, you can use Tar on previously created archives to extract files, to store additional files, or to update or list files which were already stored. Security Fixes: GNU Tar through 1.34...
OESA-2023-1103 tar security update
GNU Tar provides the ability to create tar archives, as well as various other kinds of manipulation. For example, you can use Tar on previously created archives to extract files, to store additional files, or to update or list files which were already stored. Security Fixes: GNU Tar through 1.34...
OESA-2023-1089 tar security update
GNU Tar provides the ability to create tar archives, as well as various other kinds of manipulation. For example, you can use Tar on previously created archives to extract files, to store additional files, or to update or list files which were already stored. Security Fixes: GNU Tar through 1.34...
SUSE CVE-2003-0540
The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service lock via 1 a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or 2 v...
SUSE CVE-2003-1303
Buffer overflow in the imapfetchoverview function in the IMAP functionality phpimap.c in PHP before 4.3.3 allows remote attackers to cause a denial of service segmentation fault and possibly execute arbitrary code via a long e-mail address in a 1 To or 2 From header...
SUSE CVE-2003-1302
The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a 1 To or 2 From header with an address that contains a large number of "" backslash characters...
SUSE CVE-2008-2105
emailin.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE...
SUSE CVE-2008-2119
Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing aka pedanticsipchecking is enabled, allows remote attackers to cause a denial of service daemon crash via a SIP INVITE message that lacks a From header, related to...
SUSE CVE-2014-2957
The dmarcprocess function in dmarc.c in Exim before 4.82.1, when EXPERIMENTALDMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expandstring function...
SUSE CVE-2019-16056
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To header...
SUSE CVE-2020-12397
By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird 68.8.0...
SUSE CVE-2021-33056
Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message...