CVE-2026-50645 Apache CXF: No restriction on attachment headers per message
There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead to uncontrolled resource consumption or a denial of service attack. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue by...
CVE-2026-50645
CVE-2026-50645 affects Apache CXF during message deserialization, where there is no restriction on the number of attachment headers. This can enable uncontrolled resource consumption and a denial-of-service condition. The issue is mitigated by limiting attachments per message to a default maximum...
EUVD-2026-36403
There is no restriction on the amount of attachment headers that a message can contain when being deserialized by Apache CXF, which can lead to uncontrolled resource consumption or a denial of service attack. Users are recommended to upgrade to versions 4.2.2 or 4.1.7, which fix this issue by...
CVE-2023-47272
Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header used for attachment preview or download...
UBUNTU-CVE-2023-47272
Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header used for attachment preview or download...
PT-2023-6963 · Roundcube +3
Name of the Vulnerable Software and Affected Versions: Roundcube versions 1.5.x through 1.5.5; Roundcube versions 1.6.x through 1.6.4. Description: The issue is related to improper input neutralization during web page creation, which can lead to cross-site scripting (XSS) attacks via a Content-Type o...
GHSA-7VGJ-8MW4-HG8R Improper Input Validation in Apache CXF
Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack...
CVE-2017-12624
Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack...
Privilege escalation
An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook...
CVE-2018-8244
An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly, aka "Microsoft Outlook Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Outlook...
Microsoft Outlook 2010 Service Pack 2 Elevation of Privilege Vulnerability (KB4022205)
This host is missing an important security update according to Microsoft KB4022205.
Microsoft Outlook 2013 Service Pack 1 Elevation of Privilege Vulnerability (KB4022169)
This host is missing an important security update according to Microsoft KB4022169.
Microsoft Outlook Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly. An attacker who successfully exploited the vulnerability could send an email with hidden attachments that would be opened or executed once a victim clicks a link within the email...
Security Updates for Outlook (June 2018)
The Microsoft Outlook application installed on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: An elevation of privilege vulnerability exists when Microsoft Outlook does not validate attachment headers properly. An attacker who...