Lucene search
+L

36 matches found

osv
osv
added 2026/03/31 9:48 a.m.9 views

USN-8136-1 dovecot vulnerabilities

It was discovered that Dovecot incorrectly handled invalid base64 SASL data. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10. CVE-2025-59028 It was discovered that Dovecot script decode2text.sh incorrectly handled zip files. An attacke...

8.2CVSS6AI score0.0079EPSS
Exploits7References12
ubuntu
ubuntu
added 2026/03/31 9:48 a.m.8 views

USN-8136-1: Dovecot vulnerabilities

It was discovered that Dovecot incorrectly handled invalid base64 SASL data. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10. CVE-2025-59028 It was discovered that Dovecot script decode2text.sh incorrectly handled zip files. An attacke...

8.2CVSS6AI score0.0079EPSS
Exploits7
packetstormnews
packetstormnews
added 2025/07/10 12:0 a.m.7 views

Microsoft Office Outlook Code Execution

This proof-of-concept exploit demonstrates a code execution vulnerability in Microsoft Outlook. It injects a crafted mail item into Outlook containing a malicious sync path that triggers an action during scanning...

6.7CVSS7.2AI score0.01379EPSS
Exploits0
redhatcve
redhatcve
added 2025/05/23 8:48 a.m.7 views

CVE-2024-31399

Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service DoS condition...

6.5CVSS6.4AI score0.00367EPSS
Exploits0References1
osv
osv
added 2024/06/11 6:15 a.m.7 views

CVE-2024-31399

Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service DoS condition...

6.5CVSS5.8AI score0.00367EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2024/06/11 5:34 a.m.21 views

CVE-2024-31399

Excessive platform resource consumption within a loop issue exists in Cybozu Garoon 5.0.0 to 5.15.2. If this vulnerability is exploited, processing a crafted mail may cause a denial-of-service DoS condition...

6.7AI score0.00367EPSS
Exploits0References2
cve
cve
added 2024/06/11 5:34 a.m.68 views

CVE-2024-31399

CVE-2024-31399 affects Cybozu Garoon 5.0.0 to 5.15.2, where processing a crafted email can cause denial-of-service due to excessive resource consumption in a loop. Root cause appears to be a resource-management issue in mail handling. Public sources (NVD/Red Hat/JVN) corroborate DoS impact on aff...

6.5CVSS6.7AI score0.00367EPSS
Exploits0References2Affected Software1
osv
osv
added 2023/04/10 4:15 p.m.8 views

CVE-2023-26986

An issue in China Mobile OA Mailbox PC v2.9.23 allows remote attackers to execute arbitrary commands on a victim host via user interaction with a crafted EML file sent to their OA mailbox...

7.8CVSS7.4AI score0.00508EPSS
Exploits1References2
susecve
susecve
added 2023/02/15 3:28 a.m.5 views

SUSE CVE-2022-22589

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript...

7.1CVSS6.4AI score0.01973EPSS
Exploits0References7
osv
osv
added 2022/09/06 4:15 p.m.7 views

CVE-2022-26114

An improper neutralization of input during web page generation vulnerability CWE-79 in the Webmail of FortiMail before 7.2.0 may allow an unauthenticated attacker to trigger a cross-site scripting XSS attack via sending specially crafted mail messages...

6.1CVSS5.7AI score0.00403EPSS
Exploits0References1
attackerkb
attackerkb
added 2022/09/06 4:15 p.m.11 views

CVE-2022-26114

An improper neutralization of input during web page generation vulnerability CWE-79 in the Webmail of FortiMail before 7.2.0 may allow an unauthenticated attacker to trigger a cross-site scripting XSS attack via sending specially crafted mail messages...

6.1CVSS5.8AI score0.00403EPSS
Exploits0References2Affected Software1
nessus
nessus
added 2022/02/28 12:0 a.m.36 views

Ubuntu 20.04 LTS : WebKitGTK vulnerabilities (USN-5306-1)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5306-1 advisory. A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a...

8.8CVSS6.9AI score0.01973EPSS
Exploits0References4
mageia
mageia
added 2022/02/12 5:31 p.m.57 views

Updated webkit2 packages fix security vulnerability

Processing a maliciously crafted mail message may lead to running arbitrary javascript. Description: A validation issue was addressed with improved input sanitization. CVE-2022-22589 Processing maliciously crafted web content may lead to arbitrary code execution. Description: A use after free iss...

8.8CVSS1.9AI score0.01973EPSS
Exploits0References3
attackerkb
attackerkb
added 2021/11/22 8:15 p.m.4 views

CVE-2021-44143

A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers i.e., one that starts with an empty line to provoke a heap overflow, which could conceivably be exploited for remote...

9.8CVSS7.5AI score0.03662EPSS
Exploits0References10
ubuntucve
ubuntucve
added 2021/11/22 8:15 p.m.40 views

CVE-2021-44143

A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers i.e., one that starts with an empty line to provoke a heap overflow, which could conceivably be exploited for remote...

9.8CVSS7.3AI score0.03662EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2021/11/22 12:0 a.m.6 views

PT-2021-24041 · Isync +2 · Isync +2

Name of the Vulnerable Software and Affected Versions: isync versions 1.4.0 through 1.4.3 Description: A flaw was found in mbsync due to an unchecked condition, allowing a malicious or compromised IMAP server to use a crafted mail message that lacks headers to provoke a heap overflow, which could...

9.8CVSS7AI score0.03662EPSS
Exploits0References25
redhat
redhat
added 2021/05/18 2:57 p.m.4 views

dovecot: Denial of service via mail MIME parsing

Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts...

7.5CVSS7.4AI score0.0466EPSS
Exploits1References5
redhatcve
redhatcve
added 2020/06/23 4:55 p.m.29 views

CVE-2020-14932

An unsafe deserialization vulnerability was found in SquirrelMail. This flaw allows an authenticated user to craft malicious form data when submitting mail...

7.5CVSS3AI score0.01431EPSS
Exploits0References3
osv
osv
added 2020/01/29 4:15 p.m.2 views

DEBIAN-CVE-2020-7247

smtpmailaddr in smtpsession.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration...

9.8CVSS9AI score0.98946EPSS
Exploits27References1
osv
osv
added 2019/04/07 3:29 p.m.5 views

UBUNTU-CVE-2019-10740

In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the...

4.3CVSS6.7AI score0.00771EPSS
Exploits1References4
Rows per page
Query Builder