165 matches found
Netty 注入漏洞
Netty is a non-blocking I/O client-server framework from the Netty community, which is primarily used to develop Java web applications such as protocol servers and clients. An injection vulnerability exists in Netty versions prior to 4.1.128.Final and prior to 4.2.7.Final, which stems from...
CVE-2025-61962
In fetchmail before 6.5.6, the SMTP client can crash when authenticating upon receiving a 334 status code in a malformed context...
CVE-2025-61600
CVE-2025-61600 affects Stalwart mail server: versions 0.13.3 and earlier have an unbounded memory allocation vulnerability in the IMAP protocol parser due to missing validation in several state handlers, potentially allowing remote attackers to exhaust server memory and trigger OOM, causing a den...
Stalwart 安全漏洞
stalwart is a versatile email and collaboration server open-sourced by Stalwart Labs. A security vulnerability exists in Stalwart 0.13.3 and earlier versions, which stems from a lack of validation checks in multiple state handlers in the IMAP protocol parser, which could lead to an unbounded memo...
EulerOS 2.0 SP13 : ruby (EulerOS-SA-2025-2150)
According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is...
CVE-2025-57733
In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content...
Linux Distros Unpatched Vulnerability : CVE-2025-43857
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibili...
Linux Distros Unpatched Vulnerability : CVE-2020-24661
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates e.g., self-signed certificate...
K000152786: NGINX ngx_mail_smtp_module vulnerability CVE-2025-53859
Security Advisory Description NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the...
nginx -- worker process memory disclosure
F5 reports: NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This...
CVE-2025-40752
A vulnerability has been identified in POWER METER SICAM Q100 7KG9501-0AA01-0AA1 All versions = V2.60 = V2.60 = V2.60 = V2.60 = V2.70 V2.80. Affected devices store the password for the SMTP account as plain text. This could allow an authenticated local attacker to extract it and use the configure...
ALPINE-CVE-2025-43857
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is a possibility for denial of service by memory exhaustion when net-imap reads server responses. At any time while the client is connected, a maliciou...
OESA-2025-1196 ruby security update
Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks such as Perl. Security Fixes: Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Starti...
DEBIAN-CVE-2025-25186
Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Starting in version 0.3.2 and prior to versions 0.3.8, 0.4.19, and 0.5.6, there is a possibility for denial of service by memory exhaustion in net-imap's response parser. At any time while the client is...
Fortinet FortiSOAR 操作系统命令注入漏洞
Fortinet FortiSOAR is a Security Orchestration, Automation and Response SOAR solution from Fortinet, Inc. The Fortinet FortiSOAR IMAP connector is vulnerable to an operating system command injection vulnerability that stems from an improper neutralization of special elements used in operating...
SUSE CVE-2024-55196
Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...
angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication
A vulnerability was found in Apache Sling Commons Messaging Mailangus-mail, which provides a simple interface for sending emails via SMTPS in OSGi, does not offer an option to enable server identity checks, leaving connections vulnerable to "man-in-the-middle" attacks and can allow insecure email...
OESA-2024-1320 python-aiosmtpd security update
This is a server for SMTP and related protocols, similar in utility to the standard library's smtpd.py module, but rewritten to be based on asyncio for Python 3. Security Fixes: aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP...
UBUNTU-CVE-2023-52159
A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x before 1.0.4 allows remote attackers to trigger a denial of service grossd daemon crash or potentially execute arbitrary code in grossd via crafted SMTP transaction parameters that cause an incorrect strncat for a log entry...
aiosmtpd Data Forgery Issue Vulnerability
aiosmtpd is an asyncio-based SMTP server. aiosmtpd is vulnerable to a data forgery issue that stems from the presence of an SMTP smuggling vulnerability...