Lucene search
K

261 matches found

BDU FSTEC
BDU FSTEC
added 2025/05/06 12:0 a.m.5 views

The vulnerability of the Apache James deployment and corporate email management software lies in its insufficient validation of input data, allowing attackers to trigger service failures.

The vulnerability of the Apache James software for deploying and managing corporate email is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures...

8.6CVSS5.5AI score0.00856EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/05/06 12:0 a.m.6 views

The vulnerability of the Apache James software server for enterprise email deployment and management involves an uncontrolled resource consumption, allowing attackers to cause service failures.

The vulnerability of the Apache James software server for deployment and corporate email management is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

7.8CVSS5.5AI score0.00769EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/26 3:54 a.m.64 views

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Google Guava and Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information. Pivota Spring...

9.8CVSS9.2AI score0.32257EPSS
Exploits4Affected Software1
CNVD
CNVD
added 2025/02/18 12:0 a.m.9 views

Apache James Resource Management Error Vulnerability

Apache James is the United States Apache Apache Foundation of a completely written in Java open source Smtp and Pop3 mail transfer agent and Nntp news server . Apache James suffers from a Resource Management Error vulnerability that stems from uncontrolled resource consumption by the application,...

7.5CVSS7AI score0.00769EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/14 9:46 a.m.8 views

CVE-2023-26269

Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...

7.8CVSS7.2AI score0.00654EPSS
Exploits0References1
Veracode
Veracode
added 2025/02/11 11:34 a.m.7 views

Denial Of Service (DoS)

Apache James Server is vulnerable to Denial of Service DoS. The vulnerability is due to unbounded memory consumption due to the JMAP HTML-to-plain-text conversion implementation failing to properly limit resource usage, potentially leading to service disruption...

7.5CVSS6.7AI score0.00769EPSS
Exploits0References7Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/08 11:22 a.m.12 views

CVE-2024-45626

Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue...

7.5CVSS6.5AI score0.00769EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/08 11:22 a.m.9 views

CVE-2024-37358

Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations Version 3.7.6 and 3.8.2 restrict such illegitimate...

8.6CVSS6.4AI score0.00856EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2025/02/06 12:31 p.m.8 views

org.apache.james.examples:custom-imap (>=3.8.0 <=3.8.1), org.apache.james.examples:custom-james-assembly (>=3.8.0 <=3.8.1) +13 more potentially affected by CVE-2024-37358 via org.apache.james:james-server-protocols-imap4 (>=3.8.0 <=3.8.1)

org.apache.james:james-server-protocols-imap4 MAVEN version =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.1 Source cves: CVE-2024-37358 Source advisory:...

8.6CVSS5.8AI score0.00856EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/02/06 12:31 p.m.6 views

org.apache.james.examples:custom-james-assembly (>=3.7.0 <=3.7.5), org.apache.james:apache-james (=3.0-beta4) +22 more potentially affected by CVE-2024-37358 via org.apache.james:james-server-protocols-imap4 (>=3.0-beta4 <=3.7.5)

org.apache.james:james-server-protocols-imap4 MAVEN version =3.0-beta4, =3.7.0, =3.0.0, =3.4.0, =3.0.0, =3.7.0, =3.0.0, =3.0.0, =3.3.0, =3.3.0, =3.7.0, =3.7.0, =3.0.0, =3.7.5 and more Source cves: CVE-2024-37358 Source advisory: SNYK:JAVA-ORGAPACHEJAMES-8689864...

8.6CVSS5.8AI score0.00856EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/02/06 12:31 p.m.8 views

org.apache.james.examples:custom-james-assembly (>=3.8.0 <=3.8.1), org.apache.james:apache-james-mpt-smtp-cassandra (>=3.8.0 <=3.8.1) +14 more potentially affected by CVE-2024-45626 via org.apache.james:james-server-jmap-draft (>=3.8.0 <=3.8.1)

org.apache.james:james-server-jmap-draft MAVEN version =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.1 and more Source cves: CVE-2024-45626 Source advisory:...

7.5CVSS5.8AI score0.00769EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/02/06 12:31 p.m.11 views

org.apache.james.examples:custom-james-assembly (>=3.7.0 <=3.7.5), org.apache.james:apache-james-mpt-smtp-cassandra (>=3.5.0 <=3.7.5) +19 more potentially affected by CVE-2024-45626 via org.apache.james:james-server-jmap-draft (>=3.5.0 <=3.7.5)

org.apache.james:james-server-jmap-draft MAVEN version =3.5.0, =3.7.0, =3.5.0, =3.5.0, =3.7.0, =3.5.0, =3.5.0, =3.5.0, =3.5.0, =3.7.0, =3.7.0, =3.6.0, =3.7.0, =3.5.0, =3.5.0, =3.7.5 and more Source cves: CVE-2024-45626 Source advisory:...

7.5CVSS5.8AI score0.00769EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/02/06 12:31 p.m.7 views

org.apache.james.examples:custom-imap (>=3.8.0 <=3.8.1), org.apache.james.examples:custom-james-assembly (>=3.8.0 <=3.8.1) +15 more potentially affected by CVE-2024-37358 via org.apache.james.protocols:protocols-imap (>=3.8.0 <=3.8.1)

org.apache.james.protocols:protocols-imap MAVEN version =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.1 and more Source cves: CVE-2024-37358 Source advisory: OSV:GHSA-56JP-W6VW-J3JW...

8.6CVSS5.8AI score0.00856EPSS
Exploits0
OSV
OSV
added 2025/02/06 12:31 p.m.3 views

GHSA-56JP-W6VW-J3JW Apache James vulnerable to denial of service through the use of IMAP literals

Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations Version 3.7.6 and 3.8.2 restrict such illegitimate...

8.6CVSS5.9AI score0.00856EPSS
Exploits0References5
OSV
OSV
added 2025/02/06 12:31 p.m.5 views

GHSA-57M2-H3FW-RXHW Apache James vulnerable to denial of service through JMAP HTML to text conversion

Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue...

7.5CVSS5.8AI score0.00769EPSS
Exploits0References7
Snyk
Snyk
added 2025/02/06 12:31 p.m.2 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the JsoupHtmlTextExtractor function. An attacker can cause unbounded memory consumption leading to a denial of service by sending crafted HTML content that triggers excessive memory allocation. Details Denial o...

7.5CVSS7.5AI score0.00769EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/02/06 12:31 p.m.15 views

org.apache.james.examples:custom-james-assembly (>=3.7.0 <=3.7.5), org.apache.james:apache-james-mpt-antlib (>=3.0.0 <=3.0.1) +31 more potentially affected by CVE-2024-37358 via org.apache.james.protocols:protocols-imap (>=3.0.0-RC1 <=3.7.5)

org.apache.james.protocols:protocols-imap MAVEN version =3.0.0-RC1, =3.7.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.4.0, =3.0.0, =3.0.0, =3.7.0, =3.0.0, =3.0.0, =3.6.2 and more Source cves: CVE-2024-37358 Source advisory: OSV:GHSA-56JP-W6VW-J3JW...

8.6CVSS5.8AI score0.00856EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/02/06 12:31 p.m.13 views

Apache James vulnerable to denial of service through the use of IMAP literals

Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations Version 3.7.6 and 3.8.2 restrict such illegitimate...

8.6CVSS6.4AI score0.00856EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/02/06 12:31 p.m.16 views

Apache James vulnerable to denial of service through JMAP HTML to text conversion

Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue...

7.5CVSS6.6AI score0.00769EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2025/02/06 12:15 p.m.12 views

CVE-2024-45626

Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue...

7.5CVSS0.00769EPSS
Exploits0References2
Rows per page
Query Builder