Lucene search
K

117 matches found

OSV
OSV
added 2025/05/14 5:15 p.m.1 views

DEBIAN-CVE-2025-3875

Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an invalid value "Spoofed Name ", Thunderbird treats [email protected] as the actual address. This vulnerability was fixed ...

7.5CVSS7.5AI score0.0032EPSS
Exploits0References1
OSV
OSV
added 2025/05/14 5:15 p.m.12 views

UBUNTU-CVE-2025-3875

Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an invalid value "Spoofed Name ", Thunderbird treats [email protected] as the actual address. This vulnerability was fixed ...

7.5CVSS7.1AI score0.0032EPSS
Exploits0References7
Veracode
Veracode
added 2024/05/31 4:46 a.m.14 views

Command Injection

swiftmailer/swiftmailer is vulnerable to Command Injection. The vulnerability is due to improper handling of the "From" header when it comes from a non-trusted source and when no "Return-Path" is configured, which allows an attacker to execute arbitrary shell commands...

7.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/05/30 12:0 a.m.5 views

PT-2024-40065 · Typo3 +1 · Typo3 +1

Name of the Vulnerable Software and Affected Versions: TYPO3 affected versions not specified Description: The issue allows execution of arbitrary shell commands if the "From" header comes from a non-trusted source and no "Return-Path" is configured. This is specifically related to the swiftmailer...

8.1CVSS7.6AI score
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/05/29 12:0 a.m.6 views

PT-2024-40077 · Unknown · Swiftmailer

Name of the Vulnerable Software and Affected Versions: SwiftMailer versions prior to 5.2.1 Description: The issue allows for arbitrary shell execution if the From header comes from a non-trusted source and no Return-Path is configured. This can be exploited when using the sendmail transport,...

7.5AI score
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2023/11/06 12:0 a.m.19 views

FreeBSD : OpenDMARC - Remote denial of service (ede832bf-6576-11ec-a636-000c29061ce6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ede832bf-6576-11ec-a636-000c29061ce6 advisory. - OpenDMARC 1.4.1 and 1.4.1.1 allows remote attackers to cause a denial of service NULL pointer...

7.5CVSS7.3AI score0.02746EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2023/10/10 3:48 p.m.6 views

tar: heap buffer overflow at from_header() in list.c via specially crafted checksum

A flaw was found in the Tar package. When attempting to read files with old V7 tar format with a specially crafted checksum, an invalid memory read may occur. An attacker could possibly use this issue to expose sensitive information or cause a crash...

5.5CVSS7.3AI score0.04524EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/02/28 8:21 a.m.8 views

tar: heap buffer overflow at from_header() in list.c via specially crafted checksum

A flaw was found in the Tar package. When attempting to read files with old V7 tar format with a specially crafted checksum, an invalid memory read may occur. An attacker could possibly use this issue to expose sensitive information or cause a crash...

5.5CVSS7.3AI score0.04524EPSS
Exploits1References5
OSV
OSV
added 2023/02/17 11:4 a.m.6 views

OESA-2023-1104 tar security update

GNU Tar provides the ability to create tar archives, as well as various other kinds of manipulation. For example, you can use Tar on previously created archives to extract files, to store additional files, or to update or list files which were already stored. Security Fixes: GNU Tar through 1.34...

5.5CVSS7AI score0.04524EPSS
Exploits1References2
OSV
OSV
added 2023/02/17 11:4 a.m.4 views

OESA-2023-1103 tar security update

GNU Tar provides the ability to create tar archives, as well as various other kinds of manipulation. For example, you can use Tar on previously created archives to extract files, to store additional files, or to update or list files which were already stored. Security Fixes: GNU Tar through 1.34...

5.5CVSS7AI score0.04524EPSS
Exploits1References2
OSV
OSV
added 2023/02/17 11:4 a.m.4 views

OESA-2023-1089 tar security update

GNU Tar provides the ability to create tar archives, as well as various other kinds of manipulation. For example, you can use Tar on previously created archives to extract files, to store additional files, or to update or list files which were already stored. Security Fixes: GNU Tar through 1.34...

5.5CVSS7AI score0.04524EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.4 views

SUSE CVE-2003-0540

The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service lock via 1 a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or 2 v...

5CVSS6.8AI score0.21261EPSS
Exploits4References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.3 views

SUSE CVE-2003-1303

Buffer overflow in the imapfetchoverview function in the IMAP functionality phpimap.c in PHP before 4.3.3 allows remote attackers to cause a denial of service segmentation fault and possibly execute arbitrary code via a long e-mail address in a 1 To or 2 From header...

5CVSS8.3AI score0.12122EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:21 a.m.5 views

SUSE CVE-2003-1302

The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a 1 To or 2 From header with an address that contains a large number of "" backslash characters...

5CVSS7AI score0.01352EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2023/02/15 6:8 a.m.5 views

SUSE CVE-2008-2105

emailin.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before 3.1.4 allows remote authenticated users to more easily spoof the changer of a bug via a @reporter command in the body of an e-mail message, which overrides the e-mail address as normally obtained from the From e-mail header. NOTE...

3.5CVSS7AI score0.00967EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:8 a.m.3 views

SUSE CVE-2008-2119

Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business Edition A.x.x and B.x.x before B.2.5.3, when pedantic parsing aka pedanticsipchecking is enabled, allows remote attackers to cause a denial of service daemon crash via a SIP INVITE message that lacks a From header, related to...

4.3CVSS6.8AI score0.07273EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:29 a.m.4 views

SUSE CVE-2014-2957

The dmarcprocess function in dmarc.c in Exim before 4.82.1, when EXPERIMENTALDMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expandstring function...

6.8CVSS8.1AI score0.05285EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:8 a.m.5 views

SUSE CVE-2019-16056

An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To header...

6.5CVSS9.2AI score0.05366EPSS
Exploits0References42
SUSE CVE
SUSE CVE
added 2023/02/15 3:59 a.m.5 views

SUSE CVE-2020-12397

By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird 68.8.0...

4.3CVSS9AI score0.00597EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:40 a.m.3 views

SUSE CVE-2021-33056

Belledonne Belle-sip before 4.5.20, as used in Linphone and other products, can crash via an invalid From header in a SIP message...

7.5CVSS7.9AI score0.01294EPSS
Exploits0References3
Rows per page
Query Builder