CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Java stream based MIME message parser. Security Fixes: A vulnerability was found in Apache James MIME4J up to 0.8.8. It has been rated as problematic.Using CWE to declare the problem leads to CWE-200. The product exposes sensitive information to an actor that is not explicitly authorized to have...

5.5CVSS6.5AI score0.00009EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 5:0 a.m.•4 views

CVE-2023-51518

Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadjet, this could be leveraged as part of an exploit chain that could result in privilege escalation. Note that by default JM...

9.8CVSS6.7AI score0.00439EPSS

Exploits0

RedhatCVE•added 2025/05/23 1:4 a.m.•3 views

CVE-2022-28220

Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent requests...

7.5CVSS6.7AI score0.09184EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 9:26 p.m.•3 views

CVE-2021-38542

Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information...

5.9CVSS6.8AI score0.00614EPSS

Exploits0References1

RedhatCVE•added 2025/05/21 9:31 p.m.•3 views

CVE-2004-2650

Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service memory consumption by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak...

4.9CVSS6.5AI score0.00069EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by