Lucene search
K

22 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2006-6414

Malware in sbrugna...

5CVSS6.4AI score0.01032EPSS
Exploits0References4
CNVD
CNVD
added 2025/06/06 12:0 a.m.3 views

FreeScout Cross-Site Scripting Vulnerability (CNVD-2025-20799)

FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by email signatures. No detailed vulnerability...

6.3CVSS6.3AI score0.00134EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:39 a.m.7 views

CVE-2023-26428

Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of other users could be read even though they are not explicitly shared. We improved permission handling when requesting snippets that are not explicitly shared...

6.5CVSS6.9AI score0.00981EPSS
Exploits0References1
NVD
NVD
added 2023/06/20 8:15 a.m.15 views

CVE-2023-26428

Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of other users could be read even though they are not explicitly shared. We improved permission handling when requesting snippets that are not explicitly shared...

6.5CVSS6.4AI score0.00981EPSS
Exploits0References4
OSV
OSV
added 2023/06/20 8:15 a.m.5 views

CVE-2023-26428

Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of other users could be read even though they are not explicitly shared. We improved permission handling when requesting snippets that are not explicitly shared...

6.5CVSS5.8AI score0.00981EPSS
Exploits0References4
CVE
CVE
added 2023/06/20 7:51 a.m.45 views

CVE-2023-26428

CVE-2023-26428 affects Open-Xchange OX App Suite (OXAS-BACKEND). Affected component: snippet retrieval mechanism where attackers could request arbitrary snippet IDs, including other users’ email signatures within the same context, effectively reading non-shared content due to permission handling ...

6.5CVSS6.4AI score0.00981EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2023/06/20 12:0 a.m.4 views

Open-Xchange OX App Suite 安全漏洞

Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange OX App Suite OXAS-BACKEND, which stems from the fact that an attacker can successfully request arbitrary fragment IDs, including email signatures...

6.5CVSS6.6AI score0.00981EPSS
Exploits0References7
OSV
OSV
added 2022/12/22 8:15 p.m.6 views

CVE-2021-4126

When receiving an OpenPGP/MIME signed email message that contains an additional outer MIME message layer, for example a message footer added by a mailing list gateway, Thunderbird only considered the inner signed message for the signature validity. This gave the false impression that the addition...

6.5CVSS9.1AI score
Exploits0References2
CNNVD
CNNVD
added 2022/06/28 12:0 a.m.2 views

Mozilla Thunderbird 数据伪造问题漏洞

Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP, POP mail protocols, and HTML mail formats. Mozilla Thunderbird suffers from a data forgery vulnerability that stems from the fact...

6.5CVSS7.5AI score0.00409EPSS
Exploits0References18
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.21 views

Mageia: Security Advisory (MGASA-2018-0354)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.2AI score0.08654EPSS
Exploits1References5
CNVD
CNVD
added 2021/11/23 12:0 a.m.22 views

Open-xchange OX App Suite Cross-Site Scripting Vulnerability (CNVD-2021-90755)

Open-xchange OX App Suite is a Web cloud desktop environment from Open-Xchange Open-xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A cross-site scripting vulnerability exists in Open-xchange OX App Suite, which can be exploited by...

6.1CVSS3.9AI score0.01261EPSS
Exploits3References1
CNNVD
CNNVD
added 2021/11/22 12:0 a.m.8 views

Open-xchange OX App Suite 跨站脚本漏洞

Open-xchange OX App Suite is a Web cloud desktop environment from Open-Xchange Open-xchange, a US-based company. The environment allows users to more intuitively manage email, tasks, files, etc. A cross-site scripting vulnerability exists in Open-xchange OX App Suite, which can be exploited by...

6.1CVSS5.4AI score0.01261EPSS
Exploits3References5
Prion
Prion
added 2019/08/05 7:15 p.m.12 views

Cross site scripting

An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed on the Preference page as well as while sending an email when a malicious payload was inserted inside the Email Signature in the Preference page. The attacker could insert malicious JavaScript inside his email signature, whi...

3.5CVSS5.2AI score0.01089EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2019/05/16 5:29 p.m.11 views

Code injection

The signature verification routine in the Airmail GPG-PGP Plugin, versions 1.0 9 and earlier, does not verify the status of the signature at all, which allows remote attackers to spoof arbitrary email signatures by crafting a signed email with an invalid signature. Also, it does not verify the...

4.3CVSS5.8AI score0.01729EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2019/05/16 4:2 p.m.19 views

CVE-2019-8338

The signature verification routine in the Airmail GPG-PGP Plugin, versions 1.0 9 and earlier, does not verify the status of the signature at all, which allows remote attackers to spoof arbitrary email signatures by crafting a signed email with an invalid signature. Also, it does not verify the...

5.8AI score0.01729EPSS
Exploits0References6
OSV
OSV
added 2018/08/23 11:35 p.m.5 views

MGASA-2018-0354 Updated thunderbird packages fix security vulnerabilities

Updated thunderbird package fixes security vulnerabilities: Spoofing of Email signatures II: The signature verification routine in Enigmail interpreted User IDs as status/control messages and did not correctly keep track of the status of multiple signatures. This allowed remote attackers to spoof...

7.5CVSS7.8AI score0.08654EPSS
Exploits1References4
Prion
Prion
added 2018/06/13 11:29 p.m.25 views

Code injection

The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids...

5CVSS7.5AI score0.02143EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2018/06/13 11:29 p.m.1 views

DEBIAN-CVE-2018-12019

The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids...

7.5CVSS7.3AI score0.02143EPSS
Exploits1References1
OSV
OSV
added 2018/06/13 11:29 p.m.9 views

CVE-2018-12019

The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids...

7.5CVSS7.6AI score
Exploits0References7
Debian CVE
Debian CVE
added 2018/06/13 11:0 p.m.28 views

CVE-2018-12019

The signature verification routine in Enigmail before 2.0.7 interprets user ids as status/control messages and does not correctly keep track of the status of multiple signatures, which allows remote attackers to spoof arbitrary email signatures via public keys containing crafted primary user ids...

7.5CVSS7.7AI score0.02143EPSS
Exploits1
Rows per page
Query Builder