22 matches found
EUVD-2020-20516
Malware in sbrugna...
CVE-2020-28025
Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkimfinishbodyhash does not validate the relationship between sig-bodyhash.len and b-bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory...
Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials
In what has been described as an "extremely sophisticated phishing attack," threat actors have leveraged an uncommon approach that allowed bogus emails to be sent via Google's infrastructure and redirect message recipients to fraudulent sites that harvest their credentials. "The first thing to no...
Debian dla-3680 : libopendkim-dev - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3680 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3680-1 [email protected] https://www.debian.org/lts/security/...
CVE-2022-48521
An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through 2.11.0-Beta2. It fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, which allows a remote attacker to craft an e-mail message with a fake sender address such that programs that rely...
Authentication flaw
An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through 2.11.0-Beta2. It fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, which allows a remote attacker to craft an e-mail message with a fake sender address such that programs that rely...
CVE-2022-48521
An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through 2.11.0-Beta2. It fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, which allows a remote attacker to craft an e-mail message with a fake sender address such that programs that rely...
CVE-2022-48521
An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through 2.11.0-Beta2. It fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, which allows a remote attacker to craft an e-mail message with a fake sender address such that programs that rely...
CVE-2022-48521
OpenDKIM CVE-2022-48521 affects OpenDKIM up to 2.10.3 and 2.11.x up to 2.11.0-Beta2. The issue: OpenDKIM fails to track ordinal numbers when removing fake Authentication-Results header fields, allowing a remote attacker to craft an email that appears to have a valid DKIM signature when it does no...
CVE-2022-48521
An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through 2.11.0-Beta2. It fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, which allows a remote attacker to craft an e-mail message with a fake sender address such that programs that rely...
CVE-2022-48521
An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through 2.11.0-Beta2. It fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, which allows a remote attacker to craft an e-mail message with a fake sender address such that programs that rely...
Exim Out-of-Bounds Read Vulnerability
Exim was developed at Cambridge University as a Message Transfer Agent MTA for Unix systems connected to the Internet. Exim suffers from an out-of-bounds read vulnerability that stems from pdkimfinishbodyhash not validating the relationship between sig-bodyhash.len and b-bh.len, which can be...
CVE-2020-28025
Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkimfinishbodyhash does not validate the relationship between sig-bodyhash.len and b-bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory...
Design/Logic Flaw
Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkimfinishbodyhash does not validate the relationship between sig-bodyhash.len and b-bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory...
CVE-2020-28025
Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkimfinishbodyhash does not validate the relationship between sig-bodyhash.len and b-bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory...
CVE-2020-28025
Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkimfinishbodyhash does not validate the relationship between sig-bodyhash.len and b-bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory...
CVE-2020-28025
Exim 4 prior to 4.94.2 is affected by CVE-2020-28025 (Out-of-bounds Read). The flaw is due to pdkim_finish_bodyhash not validating the relationship between sig->bodyhash.len and b->bh.len, which can allow leakage of sensitive information from process memory via a crafted DKIM-Signature head...
CVE-2020-28025
Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkimfinishbodyhash does not validate the relationship between sig-bodyhash.len and b-bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory...
CVE-2020-28025
Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkimfinishbodyhash does not validate the relationship between sig-bodyhash.len and b-bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory...
Mail.ru: An implementation flaw in Mail.ru can be exploited for DKIM signature spoofing and email spoofing
Domain, site, application -- https://e.mail.ru Quick note: this report is different from my previous report Report 727233 , and is not policy configuration or enforcement issue as well. TL;DR --------- This report disclosure an implementation bug, which chains multiple features in the Mail.ru...