DEBIAN-CVE-2022-0566

It may be possible for an attacker to craft an email message that causes Thunderbird to perform an out-of-bounds write of one byte when processing the message. This vulnerability affects Thunderbird 91.6.1...

webkitgtk: Processing a maliciously crafted mail message may lead to running arbitrary javascript

A vulnerability was found in WebKitGTK. The vulnerability exists due to improper input validation in WebKit when processing email messages. This flaw allows a remote attacker to trick the victim into opening a specially crafted email message and execute arbitrary JavaScript code...

Code injection

It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG OTRS Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions...

UBUNTU-CVE-2021-36093

It's possible to create an email which can be stuck while being processed by PostMaster filters, causing DoS. This issue affects: OTRS AG OTRS Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions; 8.0.x version 8.0.15 and prior versions...

SQL Injection in extension "Newsletter" (newsletter)

It has been discovered that the extension is susceptible to SQL Injection when processing bounced emails...

CVE-2021-21439

DoS attack can be performed when an email contains specially designed URL in the body. It can lead to the high CPU usage and cause low quality of service, or in extreme case bring the system to a halt. This issue affects: OTRS AG OTRS Community Edition 6.0.x version 6.0.1 and later versions. OTRS...

Microsoft Exchange Server Information Disclosure Vulnerability (CNVD-2020-57590)

Microsoft Exchange Server is a mail server and calendar server developed by Microsoft. An information disclosure vulnerability exists in Microsoft Exchange Server. The vulnerability stems from a problem with the way the product validates tokens when processing certain emails. An attacker could...

PT-2020-5857 · Dovecot +7 · Dovecot +7

Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 2.3.13 Description: The issue is related to insufficient input validation in the lda, lmtp, and imap components of the Dovecot mail server. This allows a remote attacker to cause a denial of service by crafting a...

CVE-2020-12100

In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service resource consumption via a crafted e-mail message with deeply nested MIME parts...

CVE-2020-12782 Openfind MailGates - Command Injection

Openfind MailGates contains a Command Injection flaw, when receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files...

Important: thunderbird

Issue Overview: When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird 68.5. CVE-2020-6792 When processing an email message with an ill-formed envelope, Thunderbird could read data from a random...

CVE-2020-3181

A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection AMP in Cisco AsyncOS Software for Cisco Email Security Appliances ESAs could allow an unauthenticated remote attacker to exhaust resources on an affected device. The vulnerability is due to insufficient...

Design/Logic Flaw

A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection AMP in Cisco AsyncOS Software for Cisco Email Security Appliances ESAs could allow an unauthenticated remote attacker to exhaust resources on an affected device. The vulnerability is due to insufficient...

CVE-2020-3181 Cisco Email Security Appliance Uncontrolled Resource Exhaustion Vulnerability

A vulnerability in the malware detection functionality in Cisco Advanced Malware Protection AMP in Cisco AsyncOS Software for Cisco Email Security Appliances ESAs could allow an unauthenticated remote attacker to exhaust resources on an affected device. The vulnerability is due to insufficient...

Memory corruption

When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird 68.5...

CVE-2020-6793

When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird 68.5...

DEBIAN-CVE-2019-11706

A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezonegetvtimezoneproperties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird 60.7.1...

CVE-2019-11705

A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecuraddbydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7.1...

CVE-2019-11706

A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezonegetvtimezoneproperties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird 60.7.1...

libical: Heap buffer overflow in icalmemory_strdup_and_dequote function in icalvalue.c

A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemorystrdupanddequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 60.7.1...