
3343 matches found

OSV
added 2021/06/01 2:15 p.m., 3 views

AZL-37062 CVE-2020-27748 affecting package xdg-utils 1.2.1-3

A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive fil...

6.5 CVSS, 6.6 AI score, 0.0047 EPSS
Exploits: 1, References: 1
OSV
added 2021/06/01 2:15 p.m., 12 views

CVE-2020-27748

A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive fil...

6.5 CVSS, 6.1 AI score
Exploits: 0, References: 2
OSV
added 2021/06/01 2:15 p.m., 2 views

DEBIAN-CVE-2020-27748

A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive fil...

6.5 CVSS, 6.5 AI score, 0.0047 EPSS
Exploits: 1, References: 1
OSV
added 2021/06/01 2:15 p.m., 5 views

AZL-7424 CVE-2020-27748 affecting package xdg-utils 1.1.3-7

A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive fil...

6.5 CVSS, 6.6 AI score, 0.0047 EPSS
Exploits: 1, References: 1
AlpineLinux
added 2021/06/01 1:15 p.m., 42 views

CVE-2020-27748

A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive fil...

6.5 CVSS, 1.7 AI score, 0.0047 EPSS
Exploits: 1, References: 2
Prion
added 2021/05/26 10:15 p.m., 15 views

Directory traversal

Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code...

6.8 CVSS, 8.7 AI score, 0.00289 EPSS
Exploits: 0, References: 2
The Hacker News
added 2021/05/21 8:46 a.m., 32 views

Microsoft Warns of Data Stealing Malware That Pretends to Be Ransomware

Microsoft on Thursday warned of a "massive email campaign" that's pushing a Java-based STRRAT malware to steal confidential data from infected systems while disguising itself as a ransomware infection. "This RAT is infamous for its ransomware-like behavior of appending the file name extension...

1.4 AI score
Exploits: 0
Hacker One
added 2021/05/14 4:39 a.m., 23 views

U.S. Dept Of Defense: IDOR while uploading ████ attachments at [█████████]

Description: There is an IDOR vulnerability in uploading attachments to the ████ section where an attacker can upload attachments in other user's █████████ if there is no attachment uploaded by a user. If this vulnerability will be used with a Race condition, it can allow an attacker to upload...

1.1 AI score
Exploits: 0
OSV
added 2021/05/07 12:15 p.m., 1 view

CVE-2020-14009

Proofpoint Enterprise Protection PPS/PoD before 8.16.4 contains a vulnerability that could allow an attacker to deliver an email message with a malicious attachment that bypasses scanning and file-blocking rules. The vulnerability exists because messages with certain crafted and malformed multipa...

6.3 CVSS, 6.6 AI score, 0.00089 EPSS
Exploits: 0, References: 2
CNVD
added 2021/04/30 12:00 a.m., 3 views

Samsung Email Information Disclosure Vulnerability (CNVD-2021-39551)

Samsung Email application is a cell phone application from Samsung South Korea. It provides the function of sending and receiving e-mail. An information disclosure vulnerability exists in versions prior to Samsung Email 6.1.41.0, which can be exploited by a remote attacker to obtain attachments t...

6.5 CVSS, 6.3 AI score, 0.0036 EPSS
Exploits: 0, References: 1
NVD
added 2021/04/28 7:15 a.m., 14 views

CVE-2021-31865

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments...

5.3 CVSS, 0.00391 EPSS
Exploits: 0, References: 3
Trend Micro Simply Security
added 2021/04/28 12:00 a.m., 16 views

Water Pamola Attacked Online Shops Via Malicious Orders

Since 2019, we have been tracking a threat campaign we dubbed as “Water Pamola.” The campaign initially compromised e-commerce online shops in Japan, Australia, and European countries via spam emails with malicious attachments...

5 AI score
Exploits: 0
NVD
added 2021/04/22 10:15 p.m., 7 views

CVE-2021-2181

Vulnerability in the Oracle Document Management and Collaboration product of Oracle E-Business Suite component: Attachments. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to...

7.6 CVSS, 0.00472 EPSS
Exploits: 0, References: 1
OSV
added 2021/04/22 10:15 p.m., 2 views

CVE-2021-2181

Vulnerability in the Oracle Document Management and Collaboration product of Oracle E-Business Suite component: Attachments. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to...

7.6 CVSS, 6.6 AI score, 0.00472 EPSS
Exploits: 0, References: 1
Prion
added 2021/04/22 10:15 p.m., 15 views

Design/Logic Flaw

Vulnerability in the Oracle Document Management and Collaboration product of Oracle E-Business Suite component: Attachments. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to...

5.5 CVSS, 7.5 AI score, 0.00472 EPSS
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2021/04/20 12:00 a.m., 2 views

Oracle E-Business Suite Security Vulnerability

Oracle E-Business Suite is a management suite that expands on the original Application ERP, seamlessly integrating a collection of management software including ERP (Enterprise Resource Planning), HR (Human Resource Management), CRM (Customer Relationship Management) and so on. Oracl...

7.6 CVSS, 5.8 AI score, 0.00472 EPSS
Exploits: 0, References: 2
NVD
added 2021/04/09 6:15 p.m., 8 views

CVE-2021-25375

Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of another emails when users open the malicious attachment...

6.5 CVSS, 0.0036 EPSS
Exploits: 0, References: 2
Cvelist
added 2021/04/09 5:38 p.m., 13 views

CVE-2021-25375

Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of another emails when users open the malicious attachment...

6.5 CVSS, 6.7 AI score, 0.0036 EPSS
Exploits: 0, References: 2
IBM Security Bulletins
added 2021/04/08 3:10 p.m., 36 views

Security Bulletin: Vulnerability in Apache CXF affects WebSphere Application Server (CVE-2019-12406)

Summary: There is a denial of service in the Apache CXF library used by WebSphere Application Server. This has been addressed. Vulnerability Details: CVEID: CVE-2019-12406. DESCRIPTION: Apache CXF before 3.3.4 and 3.2.11 does not restrict the number of message attachments present in a given message...

6.5 CVSS, 0.2 AI score, 0.04134 EPSS
Exploits: 0, Affected Software: 1
Kitploit
added 2021/03/26 8:30 p.m., 51 views

cve_manager_VS - A Collection Of Python Apps And Shell Scripts To Email An Xlsx Spreadsheet Of New Vulnerabilities In The NIST CVE Database And Their Associated Products On A Daily Schedule

A collection of python apps and shell scripts to email an xlsx spreadsheet of new vulnerabilities in the NIST CVE database and their associated products on a daily schedule. The spreadsheet can then be manually interpreted for risk to your specific organization. Based off of an opensource product...

7.7 AI score
Exploits: 0, References: 3