34 matches found
USN-8136-1: Dovecot vulnerabilities
It was discovered that Dovecot incorrectly handled invalid base64 SASL data. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10. (CVE-2025-59028) It was discovered that Dovecot script decode2text.sh incorrectly handled zip files. An attacke...
Microsoft Office Outlook Code Execution
This proof-of-concept exploit demonstrates a code execution vulnerability in Microsoft Outlook. It injects a crafted mail item into Outlook containing a malicious sync path that triggers an action during scanning...
CVE-2024-31399
Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service (DoS) condition...
CVE-2024-31399
CVE-2024-31399 affects Cybozu Garoon 5.0.0 to 5.15.2, where processing a crafted email can cause denial-of-service due to excessive resource consumption in a loop. Root cause appears to be a resource-management issue in mail handling. Public sources (NVD/Red Hat/JVN) corroborate DoS impact on aff...
CVE-2023-26986
An issue in China Mobile OA Mailbox PC v2.9.23 allows remote attackers to execute arbitrary commands on a victim host via user interaction with a crafted EML file sent to their OA mailbox...
SUSE CVE-2022-22589
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary JavaScript...
CVE-2022-26114
An improper neutralization of input during web page generation vulnerability (CWE-79) in the Webmail of FortiMail before 7.2.0 may allow an unauthenticated attacker to trigger a cross-site scripting (XSS) attack via sending specially crafted mail messages...
Ubuntu 20.04 LTS : WebKitGTK vulnerabilities (USN-5306-1)
The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5306-1 advisory. A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a...
Updated webkit2 packages fix security vulnerability
Processing a maliciously crafted mail message may lead to running arbitrary JavaScript. Description: A validation issue was addressed with improved input sanitization. (CVE-2022-22589) Processing maliciously crafted web content may lead to arbitrary code execution. Description: A use after free iss...
CVE-2021-44143
A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers (i.e., one that starts with an empty line) to provoke a heap overflow, which could conceivably be exploited for remote...
PT-2021-24041 · Isync +2
Name of the Vulnerable Software and Affected Versions: isync versions 1.4.0 through 1.4.3. Description: A flaw was found in mbsync due to an unchecked condition, allowing a malicious or compromised IMAP server to use a crafted mail message that lacks headers to provoke a heap overflow, which could...
dovecot: Denial of service via mail MIME parsing
Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts...
CVE-2020-14932
An unsafe deserialization vulnerability was found in SquirrelMail. This flaw allows an authenticated user to craft malicious form data when submitting mail...
DEBIAN-CVE-2020-7247
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration...
UBUNTU-CVE-2019-10740
In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the...
zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution
A buffer overflow flaw was found in the zsh shell check path functionality. A local, unprivileged user can create a specially crafted message file, which, if used to set a custom "you have new mail" message, leads to code execution in the context of the user who receives the message. If the user...