13 matches found
[SECURITY] Fedora 41 Update: thunderbird-128.9.2-1.fc41
Mozilla Thunderbird is a standalone mail and newsgroup client...
SMTP end-of-data uncertainty can be abused to spoof emails and bypass policies
Overview: A vulnerability has been found in the way that SMTP servers and software handle end-of-data sequences (essentially the end of a single email message) in mail messages. An attacker can use this inconsistency to craft an email message that can bypass SMTP security policies. Description...
Zero-Day Flaw in Zimbra Email Software Exploited by Four Hacker Groups
A zero-day flaw in the Zimbra Collaboration email software was exploited by four different groups in real-world attacks to pilfer email data, user credentials, and authentication tokens. "Most of this activity occurred after the initial fix became public on GitHub," Google Threat Analysis Group T...
Zimbra Warns of Critical Zero-Day Flaw in Email Software Amid Active Exploitation
Zimbra has warned of a critical zero-day security flaw in its email software that has come under active exploitation in the wild. "A security vulnerability in Zimbra Collaboration Suite Version 8.8.15 that could potentially impact the confidentiality and integrity of your data has surfaced," the...
GHSA-MJVM-MHGC-Q4GP Incorrect parsing of EVM reversion exit reason in RPC
Impact: A low-severity security issue was discovered affecting parsing of the RPC result of the exit reason in case of EVM reversion. In a release build, this would cause the exit reason to be incorrectly parsed and returned by RPC. In a debug build, this would cause an overflow panic. No action is...
Insecure Encryption
Thunderbird uses insecure encryption. The vulnerability exists due to the incorrect security status shown after viewing an attached email...
HackerOne: Indexing of urls on the "External link warning" pages discloses many vulnerable endpoints from the past and unlisted videos/photos
@nagli found a misconfiguration in an interstitial page that could lead to a link being indexed by a 3rd party. This could have exposed links to proofs of concept that HackerOne users had posted on hackerone.com. This affected a specific set of customers, which HackerOne worked together with to...
HCL Notes Cross-Site Scripting Vulnerability (CNVD-2021-13721)
HCL Notes is an email software from HCL India. The software supports access to emails, calendars, contacts and more. A cross-site scripting vulnerability exists in HCL iNotes. An attacker can exploit the vulnerability to obtain a user's cookie-based authentication credentials...
HCL Notes Information Disclosure Vulnerability
HCL Notes is an email software from HCL India. The software supports access to emails, calendars, contacts and more. An information disclosure vulnerability exists in HCL Notes versions 9, 10 and 11. The vulnerability stems from errors such as configuration during operation of a networked system ...
The vulnerability of the Microsoft SharePoint Enterprise Server software and the Microsoft SharePoint Foundation email messaging software lies in its ability to allow unlimited download of files of a dangerous type, enabling an intruder to gain unauthorized access to protected information.
The vulnerability of the Microsoft SharePoint Enterprise Server software and the Microsoft SharePoint Foundation email messaging software is related to the unlimited download of sensitive files. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected...
Microsoft Tuesday August 2018
Microsoft released its monthly set of security advisories today for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 62 new vulnerabilities, 20 of which are rated “critical,” 38 that are rated “important,” one that is rated...
Hexamail Server 4.4.5 Cross Site Scripting
Title: Hexamail Server meal.txt XSS pop up alert'Hi, what is this?'; root@bt:/ Send email to the victim: root@bt:/ sendemail -f [email protected] -t [email protected] -xu [email protected] \ -xp bob123 -u "Want some meal..?" -o message-file=meal.txt -s mail.examp...
JVN#72541530: Active! mail 6 vulnerable to HTTP header injection
Active! mail 6 from TransWARE Co. is a web-based email software. Active! mail 6 contains an HTTP header injection vulnerability. Impact: Falsified information may be displayed or an arbitrary script may be executed on the user's web browser. HTTP response splitting attacks are also possible. Soluti...