UBUNTU-CVE-2026-27859

A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery process to consume large amounts of CPU time. Use MTA capabilities to limit RFC 2231 MIME parameters in mail messages, or upgrade to fixed...

EUVD-2025-199813

Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Sanitization has been updated to avoid such bypasses. No publicly available exploits are known...

CVE-2025-30190

Malicious content at office documents can be used to inject script code when editing a document. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No publicly available...

CVE-2025-30191

Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sensitive information to a third party which would enable further threats. Attribute values containing HTML fragments are now denied by the sanitization procedur...

CVE-2023-26435

It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents. Attackers could discover restricted network topology and services as well as including local files with read permissions of the open-xchange system user. This was limite...

CVE-2023-26454

Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could b...

Critical vulnerabilities in SICK DL100-2xxxxxxx

Critical vulnerabilities have been found in the SICK device DL100-2xxxxxxx. If exploited, this potentially allows an attacker to impact availabiltiy, integrity and confidentaility of the products. Currently, SICK is not aware of any public exploits specifically targeting these vulnerabilities. As...

GitLab 13.2.4 < 17.4.5 / 17.5 < 17.5.3 / 17.6 < 17.6.1 (CVE-2024-11828)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Inefficient Algorithmic Complexity in GitLab CVE-2024-11828 Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL...

PT-2024-38578 · Axis Communications · Axis Os

Name of the Vulnerable Software and Affected Versions: AXIS OS affected versions not specified Description: A flaw was found in the protection for device tampering, commonly known as Secure Boot, in AXIS OS, making it vulnerable to a sophisticated attack to bypass this protection. To the vendor's...

AZL-69869 CVE-2024-25584 affecting package dovecot 2.3.20-1

Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always be CR LF DOT CR LF. This causes Dovecot to convert single mail with LF DOT LF in middle, into two emails when relaying to SMTP. Dovecot will split mail with LF DOT LF into two mails. Upgrade to latest...

UBUNTU-CVE-2024-25584

Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always be CR LF DOT CR LF. This causes Dovecot to convert single mail with LF DOT LF in middle, into two emails when relaying to SMTP. Dovecot will split mail with LF DOT LF into two mails. Upgrade to latest...

PT-2024-19705 · Open Xchange Gmbh · Ox App Suite

Name of the Vulnerable Software and Affected Versions: No specific software name or affected versions are mentioned in the provided descriptions. Description: Embedded content references at tasks could be used to temporarily execute script code in the context of the user's browser session. To...

PT-2024-19709 · Open Xchange Gmbh · Ox App Suite

Name of the Vulnerable Software and Affected Versions: No specific software name or affected versions are mentioned in the provided descriptions. Description: The issue concerns RSS feeds that contain malicious data attributes, which could be used to inject script code into a user's browser...

PT-2024-12961 · Softwarex · Softwarex

Name of the Vulnerable Software and Affected Versions: SoftwareX affected versions not specified Description: The issue arises from the improper sanitization of User ID references at mentions in document comments, allowing script code to be injected into a user's session when working with a...

CVE-2023-5553

During internal Axis Security Development Model ASDM threat-modelling, a flaw was found in the protection for device tampering commonly known as Secure Boot in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the...

CVE-2023-29046

Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of...

PT-2023-9151 · Unknown · Open-Xchange

Name of the Vulnerable Software and Affected Versions: Open-Xchange affected versions not specified Description: A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Users and attackers could run...

AST-2012-006: Remote Crash Vulnerability in SIP Channel Driver

Asterisk Project Security Advisory - AST-2012-006 Product Asterisk Summary Remote Crash Vulnerability in SIP Channel Driver Nature of Advisory Remote Crash Susceptibility Remote Authenticated Sessions Severity Moderate Exploits Known No Reported On April 16, 2012 Reported By Thomas Arimont Posted...

AST-2011-013: Possible remote enumeration of SIP endpoints with differing NAT settings

Asterisk Project Security Advisory - AST-2011-013 Product Asterisk Summary Possible remote enumeration of SIP endpoints with differing NAT settings Nature of Advisory Unauthorized data disclosure Susceptibility Remote unauthenticated sessions Severity Minor Exploits Known Yes Reported On 2011-07-...

AST-2011-002: Multiple array overflow and crash vulnerabilities in UDPTL code

Asterisk Project Security Advisory - AST-2011-002 Product Asterisk Summary Multiple array overflow and crash vulnerabilities in UDPTL code Nature of Advisory Exploitable Stack and Heap Array Overflows Susceptibility Remote Unauthenticated Sessions Severity Critical Exploits Known No Reported On...