Lucene search
K

99 matches found

Tenable Nessus
Tenable Nessus
added 2024/06/06 12:0 a.m.17 views

FreeBSD : cyrus-imapd -- unbounded memory allocation (14908bda-232b-11ef-b621-00155d645102)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 14908bda-232b-11ef-b621-00155d645102 advisory. Cyrus IMAP 3.8.3 Release Notes states: Fixed CVE-2024-34055: Cyrus-IMAP through 3.8.2 and 3.10.0-beta2...

6.5CVSS6.5AI score0.00836EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2024/04/30 9:54 a.m.24 views

Moderate: Red Hat Security Advisory: mutt security update

An update for mutt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

6.5CVSS6.2AI score0.00719EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2024/04/30 12:0 a.m.21 views

cyrus-imapd -- unbounded memory allocation

Cyrus IMAP 3.8.3 Release Notes states: Fixed CVE-2024-34055: Cyrus-IMAP through 3.8.2 and 3.10.0-beta2 allow authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command. The IMAP protocol allows for command arguments to be LITERALs of negotiated lengt...

6.5CVSS7.2AI score0.00836EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/02/13 12:0 a.m.4 views

Synacor Zimbra Security Vulnerability

Synacor Zimbra is an open source email collaboration platform from Synacor, Inc. A security vulnerability exists in Synacor Zimbra Collaboration ZCS version 8.8.15, 9.0, which stems from a closed account with 2FA and a generated password that can send emails when configured as Imap/smtp...

6.5CVSS6.8AI score0.00585EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2023/12/29 10:41 a.m.71 views

CERT-UA Uncovers New Malware Wave Distributing OCEANMAP, MASEPIE, STEELHOOK

The Computer Emergency Response Team of Ukraine CERT-UA has warned of a new phishing campaign orchestrated by the Russia-linked APT28 group to deploy previously undocumented malware such as OCEANMAP, MASEPIE, and STEELHOOK to harvest sensitive information. The activity, which was detected by the...

9.8CVSS9.6AI score0.97408EPSS
Exploits18
CNNVD
CNNVD
added 2023/06/20 12:0 a.m.4 views

Open-Xchange OX App Suite 安全漏洞

Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange OX App Suite OXAS-BACKEND, which stems from the IMAP function response processing not limiting the size of the response to a reasonable size when...

4.3CVSS5.2AI score0.01148EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 6:15 a.m.2 views

SUSE CVE-2006-2414

Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the 1 LIST or 2 DELETE IMAP command...

5CVSS7AI score0.0239EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:48 a.m.5 views

SUSE CVE-2021-3657

A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large =2GiB IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for...

9.8CVSS9.5AI score0.03331EPSS
Exploits0References3
Malwarebytes
Malwarebytes
added 2022/09/20 2:0 p.m.13 views

[update] American Airlines suffers data breach after phishing incident

Major airline American Airlines has fallen victim to a data breach after a threat actor got access to the email accounts of several employees via a phishing attack. According to a published notice of a security incident, the data breach was discovered in July 2022. How it happened American Airlin...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.8 views

Mageia: Security Advisory (MGASA-2019-0261)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.6AI score0.62579EPSS
Exploits1References4
OSV
OSV
added 2021/11/22 8:15 p.m.3 views

UBUNTU-CVE-2021-44143

A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers i.e., one that starts with an empty line to provoke a heap overflow, which could conceivably be exploited for remote...

9.8CVSS7.5AI score0.03662EPSS
Exploits0References5
OSV
OSV
added 2021/09/29 8:15 p.m.5 views

AZL-6366 CVE-2021-22947 affecting package curl for versions less than 7.82.0-1

When curl = 7.20.0 and = 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instea...

5.9CVSS6.7AI score0.02799EPSS
Exploits1References1
curl security advisories
curl security advisories
added 2021/09/15 8:0 a.m.13 views

Protocol downgrade required TLS bypassed

A user can tell curl to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server --ssl-reqd on the command line or CURLOPTUSESSL set to CURLUSESSLCONTROL or CURLUSESSLALL with libcurl. This requirement could be bypassed if the server would return a properly crafted but...

7.5CVSS6.5AI score0.04224EPSS
Exploits1References1Affected Software2
OSV
OSV
added 2021/08/10 3:15 p.m.3 views

UBUNTU-CVE-2021-38370

In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS...

5.9CVSS6.2AI score0.01565EPSS
Exploits1References5
OSV
OSV
added 2021/08/05 8:15 p.m.1 views

DEBIAN-CVE-2021-29969

If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...

5.9CVSS8.9AI score0.012EPSS
Exploits0References1
Rosalinux
Rosalinux
added 2021/07/02 5:31 p.m.32 views

Advisory ROSA-SA-2021-1925

Software: mutt 1.5.21 OS: Cobalt 7.9 CVE-ID: CVE-2018-14349 CVE-Crit: CRITICAL CVE-DESC: issue was found in Mutt before 1.10.1 and NeoMutt before 16.07.2018. imap / command.c incorrectly handles NO response without a message. CVE-STATUS: default CVE-REV: default CVE-ID: CVE-2018-14350 CVE-Crit:...

9.8CVSS8.1AI score0.0502EPSS
Exploits0
ThreatPost
ThreatPost
added 2021/06/22 6:7 p.m.61 views

Email Bug Allows Message Snooping, Credential Theft

Researchers warn hackers can snoop on email messages by exploiting a bug in the underlying technology used by the majority of email servers that run the Internet Message Access Protocol, commonly referred to as IMAP. The bug, first reported in August 2020 and patched Monday, is tied to the email...

5.8CVSS6.7AI score0.02837EPSS
Exploits0References11
OSV
OSV
added 2021/05/05 4:15 p.m.7 views

UBUNTU-CVE-2021-32055

Mutt 1.11.0 through 2.0.x before 2.0.7 and NeoMutt 2019-10-25 through 2021-05-04 has a $imapqresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imapqresync setting for QRESYNC is not enabled by default...

9.1CVSS7.3AI score0.02551EPSS
Exploits0References6
OSV
OSV
added 2021/02/23 7:15 p.m.1 views

DEBIAN-CVE-2021-20247

A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the...

7.4CVSS7.2AI score0.0188EPSS
Exploits1References1
ThreatPost
ThreatPost
added 2020/11/27 5:33 p.m.149 views

TurkeyBombing Puts New Twist on Zoom Abuse

Millions of family and friends, forced to spend Thanksgiving socially distant, are being targeted by cybercriminals as they turn to video platforms like Zoom to virtually be together. In this ongoing attack, cybersecurity experts warn, victims are targeted with a Zoom-related and...

Exploits0References12
Rows per page
Query Builder