Lucene search
K

98 matches found

OSV
OSV
added 2025/08/29 11:18 a.m.7 views

OESA-2025-2087 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication...

6.3CVSS7.3AI score0.00371EPSS
Exploits0References2
OSV
OSV
added 2025/08/25 12:14 p.m.7 views

USN-7715-1 nginx vulnerability

It was discovered that the nginx ngxmailsmtpmodule module incorrectly handled certain memory operations when doing SMTP authentication. This could possibly result in sensitive information being sent to the authentication server...

6.3CVSS5.8AI score0.00371EPSS
Exploits0References2
OSV
OSV
added 2025/08/18 8:7 a.m.55 views

BIT-NGINX-2025-53859 NGINX ngx_mail_smtp_module vulnerability

NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...

6.3CVSS7.5AI score0.00371EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.6 views

FreeBSD : nginx -- worker process memory disclosure (eb03714d-79f0-11f0-b4c1-ac5afc632ba3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the eb03714d-79f0-11f0-b4c1-ac5afc632ba3 advisory. F5 reports: NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might...

6.3CVSS5.8AI score0.00371EPSS
Exploits0References3
OSV
OSV
added 2025/08/13 3:15 p.m.6 views

AZL-66308 CVE-2025-53859 affecting package nginx for versions less than 1.22.1-14

NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...

6.3CVSS5.9AI score0.00371EPSS
Exploits0References1
OSV
OSV
added 2025/08/13 3:15 p.m.6 views

CVE-2025-53859

NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...

6.3CVSS7.5AI score
Exploits0References2
OSV
OSV
added 2025/08/13 3:15 p.m.4 views

DEBIAN-CVE-2025-53859

NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...

6.3CVSS5.7AI score0.00371EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/08/13 2:46 p.m.4 views

CVE-2025-53859

NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...

6.3CVSS5.7AI score0.00371EPSS
Exploits0
CVE
CVE
added 2025/08/13 2:46 p.m.142 views

CVE-2025-53859

Technical details about CVE-2025-53859 are not provided in the connected documents. The initial description notes an over-read in NGINX SMTP authentication, but no technical specifics are included here. Monitor for updates.

6.3CVSS7.5AI score0.00371EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/08/13 12:0 a.m.8 views

F5 NGINX Plus和F5 NGINX Open Source 缓冲区错误漏洞

F5 NGINX Plus and F5 NGINX Open Source are both products of F5 Corporation, U.S.A. F5 NGINX Plus is a software-based application delivery platform.F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. A buffer error vulnerability exists in F5...

6.3CVSS6.8AI score0.00371EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/02/25 12:0 a.m.5 views

Visual Voice Mail 访问控制错误漏洞

Visual Voice Mail is visual voicemail. An Access Control Error vulnerability exists in Visual Voice Mail that stems from the product allowing temporary access to read SMS messages and read an IMAP authentication message. The following products and versions are affected: Visual Voice Mail version...

8.1CVSS7.7AI score0.01406EPSS
Exploits1References2
Securelist
Securelist
added 2021/06/03 10:0 a.m.213 views

Email spoofing: how attackers impersonate legitimate senders

Introduction In a nutshell, email spoofing is the creation of fake emails that seem legitimate. This article analyzes the spoofing of email addresses through changing the From header, which provides information about the senders name and address. SMTP Simple Mail Transfer Protocol, the main email...

6.5AI score
Exploits0
OSV
OSV
added 2020/04/27 2:15 p.m.2 views

DEBIAN-CVE-2019-20790

OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field...

9.8CVSS8.6AI score0.02658EPSS
Exploits1References1
OSV
OSV
added 2020/04/27 2:15 p.m.7 views

UBUNTU-CVE-2019-20790

OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field...

9.8CVSS7.3AI score0.02658EPSS
Exploits1References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2015/02/25 6:0 a.m.3 views

SYNCK GRAPHICA Mailform Pro CGI vulnerable to remote code execution

Overview Mailform Pro CGI provided by SYNCK GRAPHICA contains a flaw in the process of sending emails, which may result in an arbitrary code execution. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

6.8CVSS7.5AI score0.02293EPSS
Exploits0References5
securityvulns
securityvulns
added 2007/03/28 12:0 a.m.26 views

Yahoo Messenger information leak

Web mail authentication response reply with session identifier is saved in browser cache...

2AI score
Exploits0References1
securityvulns
securityvulns
added 2005/02/27 12:0 a.m.26 views

cmd5checkpw CRAM-MD5 mail authentication program privilege escalation

Elevated privileges are not dropped then user-supplied program is launched...

3.7AI score
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.10 views

DeskNow Web Mail Cleartext Authentication

Binary data 1766.prm...

7.3AI score
Exploits0
Rows per page
Query Builder