98 matches found
OESA-2025-2087 nginx security update
NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication...
USN-7715-1 nginx vulnerability
It was discovered that the nginx ngxmailsmtpmodule module incorrectly handled certain memory operations when doing SMTP authentication. This could possibly result in sensitive information being sent to the authentication server...
BIT-NGINX-2025-53859 NGINX ngx_mail_smtp_module vulnerability
NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...
FreeBSD : nginx -- worker process memory disclosure (eb03714d-79f0-11f0-b4c1-ac5afc632ba3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the eb03714d-79f0-11f0-b4c1-ac5afc632ba3 advisory. F5 reports: NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might...
AZL-66308 CVE-2025-53859 affecting package nginx for versions less than 1.22.1-14
NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...
CVE-2025-53859
NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...
DEBIAN-CVE-2025-53859
NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...
CVE-2025-53859
NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...
CVE-2025-53859
Technical details about CVE-2025-53859 are not provided in the connected documents. The initial description notes an over-read in NGINX SMTP authentication, but no technical specifics are included here. Monitor for updates.
F5 NGINX Plus和F5 NGINX Open Source 缓冲区错误漏洞
F5 NGINX Plus and F5 NGINX Open Source are both products of F5 Corporation, U.S.A. F5 NGINX Plus is a software-based application delivery platform.F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway. A buffer error vulnerability exists in F5...
Visual Voice Mail 访问控制错误漏洞
Visual Voice Mail is visual voicemail. An Access Control Error vulnerability exists in Visual Voice Mail that stems from the product allowing temporary access to read SMS messages and read an IMAP authentication message. The following products and versions are affected: Visual Voice Mail version...
Email spoofing: how attackers impersonate legitimate senders
Introduction In a nutshell, email spoofing is the creation of fake emails that seem legitimate. This article analyzes the spoofing of email addresses through changing the From header, which provides information about the senders name and address. SMTP Simple Mail Transfer Protocol, the main email...
DEBIAN-CVE-2019-20790
OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field...
UBUNTU-CVE-2019-20790
OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field...
SYNCK GRAPHICA Mailform Pro CGI vulnerable to remote code execution
Overview Mailform Pro CGI provided by SYNCK GRAPHICA contains a flaw in the process of sending emails, which may result in an arbitrary code execution. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
Yahoo Messenger information leak
Web mail authentication response reply with session identifier is saved in browser cache...
cmd5checkpw CRAM-MD5 mail authentication program privilege escalation
Elevated privileges are not dropped then user-supplied program is launched...
DeskNow Web Mail Cleartext Authentication
Binary data 1766.prm...