Lucene search
+L

192 matches found

Vulnrichment
Vulnrichment
added 2022/10/20 12:0 a.m.6 views

CVE-2022-3620 Exim DMARC dmarc.c dmarc_dns_lookup use after free

A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarcdnslookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name of the patch is...

5.6CVSS7.2AI score0.00734EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/10/20 12:0 a.m.73 views

CVE-2022-3620 Exim DMARC dmarc.c dmarc_dns_lookup use after free

A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarcdnslookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name of the patch is...

5.6CVSS9.7AI score0.00734EPSS
Exploits0References5
OSV
OSV
added 2022/10/20 12:0 a.m.21 views

CVE-2022-3620 Exim DMARC dmarc.c dmarc_dns_lookup use after free

A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarcdnslookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name of the patch is...

5.6CVSS6AI score0.00734EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2022/10/20 12:0 a.m.66 views

CVE-2022-3620

A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarcdnslookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name of the patch is...

9.8CVSS9.6AI score0.00734EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2022/08/31 12:0 a.m.4 views

PT-2022-5379 · Exim +1 · Exim +1

Name of the Vulnerable Software and Affected Versions: Exim affected versions not specified Description: The issue affects the function dmarc dns lookup of the file dmarc.c of the component DMARC Handler. This is related to a use after free condition, which can be exploited by a remote attacker t...

10CVSS8.5AI score0.03661EPSS
Exploits0References25
ThreatPost
ThreatPost
added 2022/08/02 11:2 p.m.57 views

Universities Put Email Users at Cyber Risk

Top U.S. universities are among the worst in the world at protecting users from email fraud, lacking security measures to prevent common threat tactics such as domain spoofing or other types of fraudulent emails, researchers have found. Ninety-seven percent of the top 10 universities in the Unite...

7.3AI score
Exploits0References6
OSV
OSV
added 2022/05/24 5:3 p.m.6 views

GHSA-VC42-MGR2-W34R Modoboa is vulnerable to an XML External Entity Injection (XXE)

The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality, such as by referencing the /dev/random file within XML...

8.7CVSS7.6AI score0.01465EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2022/05/24 5:3 p.m.25 views

Modoboa is vulnerable to an XML External Entity Injection (XXE)

The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality, such as by referencing the /dev/random file within XML...

7.5CVSS7.2AI score0.01465EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2022/03/16 12:15 a.m.23 views

CVE-2020-36519

Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs...

4.9CVSS0.00802EPSS
Exploits1References1
Prion
Prion
added 2022/03/16 12:15 a.m.17 views

Spoofing

Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs...

4CVSS5AI score0.00802EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/03/15 11:45 p.m.62 views

CVE-2020-36519

CVE-2020-36519 (Mimecast Email Security) : The vulnerability, affecting Mimecast Email Security prior to 2020-01-10, allows any administrator to spoof any domain and bypass DMARC alignment via SPF by abusing the address rewrite feature. The spoofed domain must be a customer in the Mimecast grid f...

4.9CVSS5AI score0.00802EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/03/15 11:45 p.m.13 views

CVE-2020-36519

Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs...

5AI score0.00802EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/03/15 12:0 a.m.3 views

Mimecast Email Security 安全漏洞

Mimecast Email Security is Mimecast's appliance for email security. A security vulnerability exists in Mimecast Email Security that allows any administrator to spoof any domain and pass DMARC alignment via SPF. This occurs through abuse of the address rewriting feature. The spoofed domain must be...

4.9CVSS5.4AI score0.00802EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.23 views

Mageia: Security Advisory (MGASA-2021-0462)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.4AI score0.03684EPSS
Exploits3References4
ThreatPost
ThreatPost
added 2022/01/26 7:37 p.m.24 views

Cybercriminals Love Supply-Chain Chaos: Here’s How to Protect Your Inbox

Over the last couple of months, the Zix Threat Research team has observed threat actors using new tactics to spoof logistics and supply-chain companies, hoping for an easy compromise. As we have seen throughout the COVID-19 pandemic, cybercriminals are flourishing in these times of upheaval, due ...

6.7AI score
Exploits0References2
Kitploit
Kitploit
added 2022/01/11 8:30 p.m.32 views

SpoofThatMail - Bash Script To Check If A Domain Or List Of Domains Can Be Spoofed Based In DMARC Records

Bash script to check if a domain or list of domains can be spoofed based in DMARC records File with domains: sh SpoofThatMail.sh -f domains.txt One single domain: sh SpoofThatMail.sh -d domain Download SpoofThatMail...

7.2AI score
Exploits0References1
Mageia
Mageia
added 2021/10/06 7:41 p.m.43 views

Updated opendmarc packages fix security vulnerability

OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field CVE-2019-20790. OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication...

9.8CVSS3.5AI score0.03684EPSS
Exploits3References2
OSV
OSV
added 2021/10/06 7:41 p.m.10 views

MGASA-2021-0462 Updated opendmarc packages fix security vulnerability

OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field CVE-2019-20790. OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication...

9.8CVSS7.6AI score0.03684EPSS
Exploits3References3
The Hacker News
The Hacker News
added 2021/09/27 11:21 a.m.33 views

How Does DMARC Prevent Phishing?

DMARC is a global standard for email authentication. It allows senders to verify that the email really comes from whom it claims to come from. This helps curb spam and phishing attacks, which are among the most prevalent cybercrimes of today. Gmail, Yahoo, and many other large email providers hav...

Exploits0
Microsoft Secure
Microsoft Secure
added 2021/09/01 4:0 p.m.40 views

Get free DMARC visibility with Valimail Authenticate and Microsoft Office 365

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Phishing and email spoofing not only erode brand trust but also leave recipients vulnerable to financial loss and serious invasions of privacy. These tactics have been around for...

7.3AI score
Exploits0
Rows per page
Query Builder