21 matches found
EUVD-2020-21453
Malware in sbrugna...
EUVD-2002-0138
Malware in sbrugna...
CVE-2019-5408
Command View Advanced Edition CVAE products contain a vulnerability that could expose configuration information of hosts and storage systems that are managed by Device Manager server. This problem is due to a vulnerability in Device Manager GUI. The following products are affected. DevMgr version...
KaTeX security vulnerability
KaTeX is a fast, easy-to-use JavaScript library open-sourced by KaTeX for TeX math rendering on the web. A security vulnerability exists in KaTeX prior to version v0.16.21, which stems from the htmlData command that allows embedding of HTML data, and an improper configuration of the trust option...
CVE-2024-25584
Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always be CR LF DOT CR LF. This causes Dovecot to convert single mail with LF DOT LF in middle, into two emails when relaying to SMTP. Dovecot will split mail with LF DOT LF into two mails. Upgrade to latest...
CVE-2024-25584
CVE-2024-25584 — Dovecot input handling vulnerability: Dovecot accepts the sequence “dot LF DOT LF” as an end of DATA command, whereas RFCs require CR LF DOT CR LF. This leads to mail relays potentially splitting a single message into two emails when relayed via SMTP. Affected component is the D...
Dovecot security vulnerability
Dovecot, from the Dovecot open source project, is an open source IMAP and POP3 mail server for Linux/UNIX-like systems. A security vulnerability exists in Dovecot that stems from a non-RFC-compliant recognition of the DATA command end symbol, which causes a single message containing the LF DOT LF to be...
CVE-2023-52454 nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length. If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmet_tcp_build_pdu_iovec. Unable to handle kernel NULL pointer dereference a...
CVE-2023-21508
Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code...
CVE-2020-7619
get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data...
DEBIAN-CVE-2017-16943
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands...
Ipswitch IMail Server List Mailer Reply-To Address Buffer Overflow
Ipswitch IMail server is a messaging service suite that supports numerous Internet standard electronic mail exchanging protocols. The IMail IMAP server is an implementation of the server side of the IMAP protocol. A Buffer overflow vulnerability has been reported in Ipswitch IMail Server List...
CVE-2008-2784
The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT...
Command injection
The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT commands after encountering the first DATA command, which allows remote attackers to use the server as an open mail relay by sending RCPT commands with invalid recipients, followed by a DATA command, followed by arbitrary RCPT...
FreeBSD : spamdyke -- open relay (555ac165-2bee-11dd-bbdc-00e0815b8da8)
Spamdyke Team reports: Fixed smtp_filter to reject the DATA command if no valid recipients have been specified. Otherwise, a specific scenario could result in every spamdyke installation being used as an open relay. If the remote server connects and gives one or more recipients that are rejected...
spamdyke -- open relay
Spamdyke Team reports: Fixed smtp_filter to reject the DATA command if no valid recipients have been specified. Otherwise, a specific scenario could result in every spamdyke installation being used as an open relay. If the remote server connects and gives one or more recipients that are rejected f...
CVE-2002-0138
CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via the show-data command...