16 matches found
EUVD-2025-206333
Next.js has Unbounded Memory Consumption via PPR Resume Endpoint...
EUVD-2022-6956
Malicious code in bioql PyPI...
CVE-2022-28220
Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent requests...
Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM)
Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2019-9517 DESCRIPTION: Multiple...
Apache James vulnerable to buffering attack
Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent requests...
GHSA-W45J-F5G5-W94X Apache James vulnerable to buffering attack
Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent requests...
CVE-2022-28220
Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent requests...
CVE-2022-28220
Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent requests...
Command injection
Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent requests...
CVE-2022-28220
CVE-2022-28220 affects Apache James prior to release 3.6.3 and 3.7.1. The issue is a vulnerability in STARTTLS handling that enables a buffering attack. The root cause is related to a parser differential from CVE-2021-38542 and does not account for concurrent requests. The CVSS base score is 7.5 ...
CVE-2022-28220 STARTTLS command injection in Apache JAMES
Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent requests...
PT-2022-18884 · Apache · Apache James
Name of the Vulnerable Software and Affected Versions: Apache James versions prior to 3.6.3 Apache James versions prior to 3.7.1 Description: The issue is related to a buffering attack that relies on the use of the STARTTLS command. It is similar to a previously solved problem in Apache James...
CVE-2021-38542
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information...
CVE-2021-38542 Apache James vulnerable to STARTTLS command injection (IMAP and POP3)
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information...
CVE-2021-38542
CVE-2021-38542 concerns Apache James vulnerable to a buffering attack via STARTTLS. The core issue is in the handling of STARTTLS that could enable a MITM-related command injection and leakage of sensitive information. Multiple sources corroborate the STARTTLS-related buffering behavior and note ...
Security Bulletin: IBM Cloud Transformation Advisor is affected by vulnerabilities in WebSphere Application Server Liberty (CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9512, CVE-2019-9514, CVE-2019-9513)
Summary IBM Cloud Transformation Advisor has addressed following vulnerabilities: CVE-2019-9515, CVE-2019-9518, CVE-2019-9517, CVE-2019-9512, CVE-2019-9514, CVE-2019-9513 Vulnerability Details CVEID: CVE-2019-9515 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a...