99 matches found
FreeBSD : cyrus-imapd -- unbounded memory allocation (14908bda-232b-11ef-b621-00155d645102)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 14908bda-232b-11ef-b621-00155d645102 advisory. Cyrus IMAP 3.8.3 Release Notes states: Fixed CVE-2024-34055: Cyrus-IMAP through 3.8.2 and 3.10.0-beta2...
Moderate: Red Hat Security Advisory: mutt security update
An update for mutt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...
cyrus-imapd -- unbounded memory allocation
Cyrus IMAP 3.8.3 Release Notes states: Fixed CVE-2024-34055: Cyrus-IMAP through 3.8.2 and 3.10.0-beta2 allow authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command. The IMAP protocol allows for command arguments to be LITERALs of negotiated lengt...
Synacor Zimbra Security Vulnerability
Synacor Zimbra is an open source email collaboration platform from Synacor, Inc. A security vulnerability exists in Synacor Zimbra Collaboration ZCS version 8.8.15, 9.0, which stems from a closed account with 2FA and a generated password that can send emails when configured as Imap/smtp...
CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK
The Computer Emergency Response Team of Ukraine CERT-UA has warned of a new phishing campaign orchestrated by the Russia-linked APT28 group to deploy previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information. The activity, which was detected by the...
Open-Xchange OX App Suite 安全漏洞
Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange OX App Suite OXAS-BACKEND, which stems from the IMAP function response processing not limiting the size of the response to a reasonable size when...
SUSE CVE-2006-2414
Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the 1 LIST or 2 DELETE IMAP command...
SUSE CVE-2021-3657
A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large =2GiB IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for...
[update] American Airlines suffers data breach after phishing incident
Major airline American Airlines has fallen victim to a data breach after a threat actor got access to the email accounts of several employees via a phishing attack. According to a published notice of a security incident, the data breach was discovered in July 2022. How it happened American Airlin...
Mageia: Security Advisory (MGASA-2019-0261)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
UBUNTU-CVE-2021-44143
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers i.e., one that starts with an empty line to provoke a heap overflow, which could conceivably be exploited for remote...
AZL-6366 CVE-2021-22947 affecting package curl for versions less than 7.82.0-1
When curl = 7.20.0 and = 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instea...
Protocol downgrade required TLS bypassed
A user can tell curl to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server --ssl-reqd on the command line or CURLOPTUSESSL set to CURLUSESSLCONTROL or CURLUSESSLALL with libcurl. This requirement could be bypassed if the server would return a properly crafted but...
UBUNTU-CVE-2021-38370
In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS...
DEBIAN-CVE-2021-29969
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...
Advisory ROSA-SA-2021-1925
Software: mutt 1.5.21 OS: Cobalt 7.9 CVE-ID: CVE-2018-14349 CVE-Crit: CRITICAL CVE-DESC: issue was found in Mutt before 1.10.1 and NeoMutt before 16.07.2018. imap / command.c incorrectly handles NO response without a message. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2018-14350 CVE-Crit:...
Email Bug Allows Message Snooping, Credential Theft
Researchers warn hackers can snoop on email messages by exploiting a bug in the underlying technology used by the majority of email servers that run the Internet Message Access Protocol, commonly referred to as IMAP. The bug, first reported in August 2020 and patched Monday, is tied to the email...
UBUNTU-CVE-2021-32055
Mutt 1.11.0 through 2.0.x before 2.0.7 and NeoMutt 2019-10-25 through 2021-05-04 has a $imapqresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imapqresync setting for QRESYNC is not enabled by default...
DEBIAN-CVE-2021-20247
A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the...
TurkeyBombing Puts New Twist on Zoom Abuse
Millions of family and friends, forced to spend Thanksgiving socially distant, are being targeted by cybercriminals as they turn to video platforms like Zoom to virtually be together. In this ongoing attack, cybersecurity experts warn, victims are targeted with a Zoom-related and...