Lucene search

16 matches found

OSV
added 2024/08/05 7:15 p.m., 29 views

CVE-2024-42009

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php...

9.3 CVSS, 6.2 AI score, 0.82853 EPSS
Exploits 6, References 6
Vulnrichment
added 2024/08/05 12:0 a.m., 24 views

CVE-2024-42009

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php...

6.3 AI score, 0.82853 EPSS
Exploits 6, References 5
Tenable Nessus
added 2021/03/10 12:0 a.m., 33 views

NewStart CGSL MAIN 6.02 : dovecot Multiple Vulnerabilities (NS-SA-2021-0054)

The remote NewStart CGSL host, running version MAIN 6.02, has dovecot packages installed that are affected by multiple vulnerabilities: - In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a...

7.5 CVSS, 6.7 AI score, 0.06187 EPSS
Exploits 4, References 4
Tenable Nessus
added 2020/09/11 12:0 a.m., 31 views

Oracle Linux 8 : dovecot (ELSA-2020-3713)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3713 advisory. - fix CVE-2020-12100 resource exhaustion via deeply nested MIME parts 1866755 - fix CVE-2020-12673 out of bound reads in dovecot NTLM implementation...

7.5 CVSS, 6.8 AI score, 0.06187 EPSS
Exploits 4, References 4
OpenVAS
added 2020/01/06 12:0 a.m., 29 views

Dovecot 1.2.x < 1.2.17 / 2.0.x < 2.0.13 DoS Vulnerability

Dovecot is prone to a Denial of Service vulnerability. Copyright (C) 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you ca...

5 CVSS, 5.3 AI score, 0.0325 EPSS
Exploits 0, References 2
ALT Linux
added 2017/09/25 12:0 a.m., 56 views

Security fix for the ALT Linux 8 package clamav version 0.99.2-alt3

Sept. 25, 2017 Anton V. Boyarshinov 0.99.2-alt3 - Fixes: + CVE-2017-6418 remote attackers can cause a denial of service (out-of-bounds read) via a crafted e-mail message + CVE-2017-6420 remote attackers can cause a denial of service (use-after-free) via a crafted PE file with WWPack compression...

4.3 CVSS, 5.7 AI score, 0.01415 EPSS
Exploits 0
Cvelist
added 2017/08/07 3:0 a.m., 23 views

CVE-2017-6418

libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message...

6 AI score, 0.01415 EPSS
Exploits 0, References 5
Debian CVE
added 2017/08/07 3:0 a.m., 30 views

CVE-2017-6418

libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message...

5.5 CVSS, 6.2 AI score, 0.01415 EPSS
Exploits 0
Cvelist
added 2016/06/29 2:0 p.m., 29 views

CVE-2016-5101

Unspecified vulnerability in Opera Mail before 2016-02-16 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted e-mail message...

8.9 AI score, 0.02932 EPSS
Exploits 0, References 2
OpenVAS
added 2016/03/03 12:0 a.m., 23 views

Cybozu Office <= 10.3.0 Information Disclosure Vulnerability

Cybozu Office is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cybozu:office"...

4.3 CVSS, 4.5 AI score, 0.01166 EPSS
Exploits 0, References 2
NVD
added 2015/11/11 12:59 p.m., 26 views

CVE-2015-6123

Cross-site scripting (XSS) vulnerability in Microsoft Excel for Mac 2011 and Excel 2016 for Mac allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message that is mishandled by Outlook for Mac, aka "Microsoft Outlook for Mac Spoofing Vulnerability."...

4.3 CVSS, 5.5 AI score, 0.1115 EPSS
Exploits 0, References 3
Cvelist
added 2015/11/11 11:0 a.m., 28 views

CVE-2015-6123

Cross-site scripting (XSS) vulnerability in Microsoft Excel for Mac 2011 and Excel 2016 for Mac allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message that is mishandled by Outlook for Mac, aka "Microsoft Outlook for Mac Spoofing Vulnerability."...

5.5 AI score, 0.1115 EPSS
Exploits 0, References 3
Cvelist
added 2015/09/09 12:0 a.m., 31 views

CVE-2015-2544

Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka "Exchange Spoofing Vulnerability."...

5.4 AI score, 0.09483 EPSS
Exploits 0, References 2
UbuntuCve
added 2011/05/24 12:0 a.m., 23 views

CVE-2011-1929

lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message...

5 CVSS, 5.9 AI score, 0.0325 EPSS
Exploits 0, References 2
Prion
added 2009/04/29 3:30 p.m., 18 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow remote attackers to inject...

4.3 CVSS, 6 AI score, 0.02329 EPSS
Exploits 0, References 9, Affected Software 4
Cvelist
added 2009/04/29 3:0 p.m., 30 views

CVE-2009-1428

Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow remote attackers to inject...

5.7 AI score, 0.02329 EPSS
Exploits 0, References 9