Lucene search
K

165 matches found

CNNVD
CNNVD
added 2025/10/15 12:0 a.m.5 views

Netty 注入漏洞

Netty is a non-blocking I/O client-server framework from the Netty community, which is primarily used to develop Java web applications such as protocol servers and clients. An injection vulnerability exists in Netty versions prior to 4.1.128.Final and prior to 4.2.7.Final, which stems from...

6.9CVSS7AI score0.01617EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/10/04 12:0 a.m.10 views

CVE-2025-61962

In fetchmail before 6.5.6, the SMTP client can crash when authenticating upon receiving a 334 status code in a malformed context...

5.9CVSS0.00384EPSS
Exploits0References3
CVE
CVE
added 2025/10/02 9:30 p.m.15 views

CVE-2025-61600

CVE-2025-61600 affects Stalwart mail server: versions 0.13.3 and earlier have an unbounded memory allocation vulnerability in the IMAP protocol parser due to missing validation in several state handlers, potentially allowing remote attackers to exhaust server memory and trigger OOM, causing a den...

7.5CVSS6.7AI score0.00524EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/10/02 12:0 a.m.6 views

Stalwart 安全漏洞

stalwart is a versatile email and collaboration server open-sourced by Stalwart Labs. A security vulnerability exists in Stalwart 0.13.3 and earlier versions, which stems from a lack of validation checks in multiple state handlers in the IMAP protocol parser, which could lead to an unbounded memo...

7.5CVSS6.6AI score0.00524EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/09/16 12:0 a.m.4 views

EulerOS 2.0 SP13 : ruby (EulerOS-SA-2025-2150)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is...

6.5CVSS6.4AI score0.00412EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/20 9:14 a.m.4 views

CVE-2025-57733

In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content...

5.5CVSS6.9AI score0.00261EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-43857

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibili...

6.5CVSS6.5AI score0.00412EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-24661

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates e.g., self-signed certificate...

5.9CVSS5.9AI score0.00922EPSS
Exploits1References2
F5 Networks
F5 Networks
added 2025/08/13 12:29 p.m.14 views

K000152786: NGINX ngx_mail_smtp_module vulnerability CVE-2025-53859

Security Advisory Description NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the...

6.3CVSS7.3AI score0.00371EPSS
Exploits0Affected Software2
FreeBSD
FreeBSD
added 2025/08/13 12:0 a.m.4 views

nginx -- worker process memory disclosure

F5 reports: NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This...

6.3CVSS7.6AI score0.00371EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/08/12 11:17 a.m.3 views

CVE-2025-40752

A vulnerability has been identified in POWER METER SICAM Q100 7KG9501-0AA01-0AA1 All versions = V2.60 = V2.60 = V2.60 = V2.60 = V2.70 V2.80. Affected devices store the password for the SMTP account as plain text. This could allow an authenticated local attacker to extract it and use the configure...

6.8CVSS7AI score0.00086EPSS
Exploits0References1
OSV
OSV
added 2025/04/28 4:15 p.m.5 views

ALPINE-CVE-2025-43857

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a maliciou...

6.5CVSS6.6AI score0.00412EPSS
Exploits0References1
OSV
OSV
added 2025/02/28 3:32 p.m.4 views

OESA-2025-1196 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks such as Perl. Security Fixes: Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Starti...

6.5CVSS6.6AI score0.00583EPSS
Exploits0References2
OSV
OSV
added 2025/02/10 4:15 p.m.4 views

DEBIAN-CVE-2025-25186

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...

6.5CVSS6.6AI score0.00583EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/14 12:0 a.m.5 views

Fortinet FortiSOAR 操作系统命令注入漏洞

Fortinet FortiSOAR is a Security Orchestration, Automation and Response SOAR solution from Fortinet, Inc. The Fortinet FortiSOAR IMAP connector is vulnerable to an operating system command injection vulnerability that stems from an improper neutralization of special elements used in operating...

8.8CVSS7.7AI score0.01098EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/01/10 12:23 a.m.5 views

SUSE CVE-2024-55196

Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...

7.5CVSS7AI score0.00358EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/10/10 1:43 p.m.5 views

angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication

A vulnerability was found in Apache Sling Commons Messaging Mailangus-mail, which provides a simple interface for sending emails via SMTPS in OSGi, does not offer an option to enable server identity checks, leaving connections vulnerable to "man-in-the-middle" attacks and can allow insecure email...

7.4CVSS5.7AI score0.01936EPSS
Exploits0References4
OSV
OSV
added 2024/03/22 11:7 a.m.4 views

OESA-2024-1320 python-aiosmtpd security update

This is a server for SMTP and related protocols, similar in utility to the standard library's smtpd.py module, but rewritten to be based on asyncio for Python 3. Security Fixes: aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP...

5.3CVSS6.9AI score0.00371EPSS
Exploits0References2
OSV
OSV
added 2024/03/18 2:15 a.m.3 views

UBUNTU-CVE-2023-52159

A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x before 1.0.4 allows remote attackers to trigger a denial of service grossd daemon crash or potentially execute arbitrary code in grossd via crafted SMTP transaction parameters that cause an incorrect strncat for a log entry...

7.5CVSS6.6AI score0.01055EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/03/12 12:0 a.m.3 views

aiosmtpd Data Forgery Issue Vulnerability

aiosmtpd is an asyncio-based SMTP server. aiosmtpd is vulnerable to a data forgery issue that stems from the presence of an SMTP smuggling vulnerability...

5.3CVSS6.8AI score0.00371EPSS
Exploits0References6
Rows per page
Query Builder