EUVD-2024-53882

Malicious code in bioql PyPI...

EUVD-2022-0517

Malicious code in bioql PyPI...

EUVD-2022-0588

Malicious code in bioql PyPI...

CVE-2022-28220

Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent requests...

CVE-2021-38542

Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information...

CVE-2024-37358

Technical details about CVE-2024-37358 (affected software, impact, and fixes) are not provided in the connected documents. Monitor for updates.

PT-2024-14283 · Apache · Apache James

Name of the Vulnerable Software and Affected Versions: Apache James versions prior to 3.8.1 and 3.7.5 Description: A lenient behavior in line delimiter handling might create a difference of interpretation between the sender and the receiver, which can be exploited by an attacker to forge an SMTP...

PT-2024-14172 · Apache · Apache James

Name of the Vulnerable Software and Affected Versions: Apache James versions prior to 3.7.5 and 3.8.0 Description: The issue concerns the exposure of a JMX endpoint on localhost, which is subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadget, this could b...

PT-2022-10736 · Apache · Apache James

Name of the Vulnerable Software and Affected Versions: Apache James versions prior to 3.6.1 Description: The issue allows for a buffering attack using the STARTTLS command, potentially leading to Man-in-the-middle command injection attacks. This could result in the leakage of sensitive informatio...