Lucene search
K

5 matches found

Tenable Nessus
Tenable Nessus
added 2022/04/17 12:0 a.m.28 views

FreeBSD : Nextcloud Calendar -- SMTP Command Injection (2a314635-be46-11ec-a06f-d4c9ef517024)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2a314635-be46-11ec-a06f-d4c9ef517024 advisory. - Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in...

9.8CVSS8.5AI score0.32348EPSS
Exploits0References3
NVD
NVD
added 2022/04/11 9:15 p.m.28 views

CVE-2022-24838

Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the RCPT TO:...

9.8CVSS0.32348EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2022/04/11 8:25 p.m.7 views

CVE-2022-24838 Command Injection in Appointment Emails for Nextcloud Calendar

Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the RCPT TO:...

5.3CVSS9.8AI score0.32348EPSS
Exploits0References3
CVE
CVE
added 2022/04/11 8:25 p.m.128 views

CVE-2022-24838

The CVE-2022-24838 issue affects Nextcloud Calendar (the calendar app for Nextcloud). The vulnerability arises because newlines and special characters in the email value within the JSON request are not sanitized, allowing an attacker to break out of the SMTP command RCPT TO: and inject arbitrary ...

9.8CVSS7.7AI score0.32348EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/04/11 8:25 p.m.33 views

CVE-2022-24838 Command Injection in Appointment Emails for Nextcloud Calendar

Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the RCPT TO:...

5.3CVSS10AI score0.32348EPSS
Exploits0References3
Rows per page
Query Builder