6 matches found
Inadequate Encryption Strength
Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength via the SMTP process. An attacker can intercept sensitive information by performing a man-in-the-middle attack that prevents the use of TLS, causing data to be sent over an unencrypted connection...
Remote command injection when using sendmail email transport
Impact Sites using the sendmail transport as part of their mail config are vulnerable to remote command injection due to a vulnerability in the nodemailer dependency. Ghost defaults to the direct transport so this is only exploitable if the sendmail transport is explicitly used. Patches Fixed in...
GHSA-WFRJ-QQC2-83CM Remote command injection when using sendmail email transport
Impact Sites using the sendmail transport as part of their mail config are vulnerable to remote command injection due to a vulnerability in the nodemailer dependency. Ghost defaults to the direct transport so this is only exploitable if the sendmail transport is explicitly used. Patches Fixed in...
Unauthorized Access Vulnerability in PowerMTA
PowerMTA is an enterprise-class email transport agent MTA for sending high-volume and mission-critical email. An unauthorized access vulnerability exists in PowerMTA. An attacker could exploit the vulnerability to obtain sensitive information, modify configuration, etc...
Arbitrary File Read Vulnerability in PowerMTA
PowerMTA is an enterprise-class email transport agent MTA for sending high-volume and mission-critical email. An arbitrary file read vulnerability exists in PowerMTA. An attacker can exploit the vulnerability to obtain arbitrary files...
New .Secure Global TLD Proposed
A group of security experts is working to put together a new global TLD that will require companies and individuals applying for domains to adhere to strict security policies and requirements. The proposed .secure TLD is intended to be a known safe group of domains and would include mandatory use...