607 matches found
CVE-2023-52195
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Posts to Page Kerry James allows Stored XSS.This issue affects Kerry James: from n/a through 1.7...
CVE-2023-51518
Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadjet, this could be leveraged as part of an exploit chain that could result in privilege escalation. Note that by default JM...
CVE-2023-47556
Cross-Site Request Forgery CSRF vulnerability in James Mehorter Device Theme Switcher.This issue affects Device Theme Switcher: from n/a through 3.0.2...
CVE-2022-28220
Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent requests...
CVE-2021-38542
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information...
CVE-2004-2650
Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service memory consumption by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak...
The vulnerability of the Apache James software server for enterprise email deployment and management involves an uncontrolled resource consumption, allowing attackers to cause service failures.
The vulnerability of the Apache James software server for deployment and corporate email management is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...
The vulnerability of the Apache James deployment and corporate email management software lies in its insufficient validation of input data, allowing attackers to trigger service failures.
The vulnerability of the Apache James software for deploying and managing corporate email is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures...
USN-7427-1 dotnet8, dotnet9 vulnerability
James Newton-King discovered that .NET did not properly limit resource allocation when handling certain HTTP/3 requests. An attacker could possibly use this issue to cause a denial of service...
A Bootiful Podcast: AWS Developer Advocate and industry legend James Ward
Hi, Spring fans! In this installment I talk to AWS Developer Advocate and industry legend James Ward about AWS Bedrock, Amazon Cohere, Spring AI, MCP, and so much more!...
Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities
Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Google Guava and Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information. Pivota Spring...
Apache James Resource Management Error Vulnerability
Apache James is the United States Apache Apache Foundation of a completely written in Java open source Smtp and Pop3 mail transfer agent and Nntp news server . Apache James suffers from a Resource Management Error vulnerability that stems from uncontrolled resource consumption by the application,...
CVE-2023-26269
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...
Denial Of Service (DoS)
Apache James Server is vulnerable to Denial of Service DoS. The vulnerability is due to unbounded memory consumption due to the JMAP HTML-to-plain-text conversion implementation failing to properly limit resource usage, potentially leading to service disruption...
CVE-2024-45626
Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue...
CVE-2024-37358
Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations Version 3.7.6 and 3.8.2 restrict such illegitimate...
org.apache.james.examples:custom-james-assembly (>=3.8.0 <=3.8.1), org.apache.james:apache-james-mpt-smtp-cassandra (>=3.8.0 <=3.8.1) +14 more potentially affected by CVE-2024-45626 via org.apache.james:james-server-jmap-draft (>=3.8.0 <=3.8.1)
org.apache.james:james-server-jmap-draft MAVEN version =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.1 and more Source cves: CVE-2024-45626 Source advisory:...
org.apache.james.examples:custom-james-assembly (>=3.7.0 <=3.7.5), org.apache.james:apache-james-mpt-smtp-cassandra (>=3.5.0 <=3.7.5) +19 more potentially affected by CVE-2024-45626 via org.apache.james:james-server-jmap-draft (>=3.5.0 <=3.7.5)
org.apache.james:james-server-jmap-draft MAVEN version =3.5.0, =3.7.0, =3.5.0, =3.5.0, =3.7.0, =3.5.0, =3.5.0, =3.5.0, =3.5.0, =3.7.0, =3.7.0, =3.6.0, =3.7.0, =3.5.0, =3.5.0, =3.7.5 and more Source cves: CVE-2024-45626 Source advisory:...
org.apache.james.examples:custom-james-assembly (>=3.7.0 <=3.7.5), org.apache.james:apache-james-mpt-smtp-cassandra (>=3.5.0 <=3.7.5) +19 more potentially affected by CVE-2024-45626 via org.apache.james:james-server-jmap-draft (>=3.5.0 <=3.7.5)
org.apache.james:james-server-jmap-draft MAVEN version =3.5.0, =3.7.0, =3.5.0, =3.5.0, =3.7.0, =3.5.0, =3.5.0, =3.5.0, =3.5.0, =3.7.0, =3.7.0, =3.6.0, =3.7.0, =3.5.0, =3.5.0, =3.7.5 and more Source cves: CVE-2024-45626 Source advisory: OSV:GHSA-57M2-H3FW-RXHW...
org.apache.james.examples:custom-imap (>=3.8.0 <=3.8.1), org.apache.james.examples:custom-james-assembly (>=3.8.0 <=3.8.1) +15 more potentially affected by CVE-2024-37358 via org.apache.james.protocols:protocols-imap (>=3.8.0 <=3.8.1)
org.apache.james.protocols:protocols-imap MAVEN version =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.1 and more Source cves: CVE-2024-37358 Source advisory: OSV:GHSA-56JP-W6VW-J3JW...