Lucene search
K

607 matches found

redhatcve
redhatcve
added 2025/05/23 5:25 a.m.6 views

CVE-2023-52195

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Posts to Page Kerry James allows Stored XSS.This issue affects Kerry James: from n/a through 1.7...

6.5CVSS6.7AI score0.00328EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 5:0 a.m.8 views

CVE-2023-51518

Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadjet, this could be leveraged as part of an exploit chain that could result in privilege escalation. Note that by default JM...

9.8CVSS6.7AI score0.01189EPSS
Exploits0
redhatcve
redhatcve
added 2025/05/23 1:58 a.m.8 views

CVE-2023-47556

Cross-Site Request Forgery CSRF vulnerability in James Mehorter Device Theme Switcher.This issue affects Device Theme Switcher: from n/a through 3.0.2...

8.8CVSS8AI score0.00294EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 1:4 a.m.7 views

CVE-2022-28220

Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent requests...

7.5CVSS6.7AI score0.02347EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 9:26 p.m.7 views

CVE-2021-38542

Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information...

5.9CVSS6.8AI score0.02347EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/21 9:31 p.m.6 views

CVE-2004-2650

Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service memory consumption by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak...

4.9CVSS6.5AI score0.00561EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2025/05/06 12:0 a.m.6 views

The vulnerability of the Apache James software server for enterprise email deployment and management involves an uncontrolled resource consumption, allowing attackers to cause service failures.

The vulnerability of the Apache James software server for deployment and corporate email management is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

7.8CVSS5.5AI score0.00769EPSS
Exploits0References2Affected Software1
bdu_fstec
bdu_fstec
added 2025/05/06 12:0 a.m.5 views

The vulnerability of the Apache James deployment and corporate email management software lies in its insufficient validation of input data, allowing attackers to trigger service failures.

The vulnerability of the Apache James software for deploying and managing corporate email is related to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to cause service failures...

8.6CVSS5.5AI score0.00856EPSS
Exploits0References2Affected Software1
osv
osv
added 2025/04/08 9:14 p.m.5 views

USN-7427-1 dotnet8, dotnet9 vulnerability

James Newton-King discovered that .NET did not properly limit resource allocation when handling certain HTTP/3 requests. An attacker could possibly use this issue to cause a denial of service...

7.5CVSS5.8AI score0.0154EPSS
Exploits0References2
spring
spring
added 2025/04/04 12:0 a.m.11 views

A Bootiful Podcast: AWS Developer Advocate and industry legend James Ward

Hi, Spring fans! In this installment I talk to AWS Developer Advocate and industry legend James Ward about AWS Bedrock, Amazon Cohere, Spring AI, MCP, and so much more!...

7.2AI score
Exploits0
ibm
ibm
added 2025/03/26 3:54 a.m.64 views

Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities

Summary There are multiple vulnerabilities in components of IBM i Modernization Engine for Lifecycle Integration as described in the Vulnerability Details section. Google Guava and Apache James MIME4J could allow a local authenticated attacker to obtain sensitive information. Pivota Spring...

9.8CVSS9.2AI score0.32257EPSS
Exploits4Affected Software1
cnvd
cnvd
added 2025/02/18 12:0 a.m.10 views

Apache James Resource Management Error Vulnerability

Apache James is the United States Apache Apache Foundation of a completely written in Java open source Smtp and Pop3 mail transfer agent and Nntp news server . Apache James suffers from a Resource Management Error vulnerability that stems from uncontrolled resource consumption by the application,...

7.5CVSS7AI score0.00769EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/02/14 9:46 a.m.8 views

CVE-2023-26269

Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...

7.8CVSS7.2AI score0.00654EPSS
Exploits0References1
veracode
veracode
added 2025/02/11 11:34 a.m.7 views

Denial Of Service (DoS)

Apache James Server is vulnerable to Denial of Service DoS. The vulnerability is due to unbounded memory consumption due to the JMAP HTML-to-plain-text conversion implementation failing to properly limit resource usage, potentially leading to service disruption...

7.5CVSS6.7AI score0.00769EPSS
Exploits0References7Affected Software1
redhatcve
redhatcve
added 2025/02/08 11:22 a.m.12 views

CVE-2024-45626

Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue...

7.5CVSS6.5AI score0.00769EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/02/08 11:22 a.m.9 views

CVE-2024-37358

Similarly to CVE-2024-34055, Apache James is vulnerable to denial of service through the abuse of IMAP literals from both authenticated and unauthenticated users, which could be used to cause unbounded memory allocation and very long computations Version 3.7.6 and 3.8.2 restrict such illegitimate...

8.6CVSS6.4AI score0.00856EPSS
Exploits0References1
vulnersosv
vulnersosv
added 2025/02/06 12:31 p.m.8 views

org.apache.james.examples:custom-james-assembly (>=3.8.0 <=3.8.1), org.apache.james:apache-james-mpt-smtp-cassandra (>=3.8.0 <=3.8.1) +14 more potentially affected by CVE-2024-45626 via org.apache.james:james-server-jmap-draft (>=3.8.0 <=3.8.1)

org.apache.james:james-server-jmap-draft MAVEN version =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.1 and more Source cves: CVE-2024-45626 Source advisory:...

7.5CVSS5.8AI score0.00769EPSS
Exploits0
vulnersosv
vulnersosv
added 2025/02/06 12:31 p.m.11 views

org.apache.james.examples:custom-james-assembly (>=3.7.0 <=3.7.5), org.apache.james:apache-james-mpt-smtp-cassandra (>=3.5.0 <=3.7.5) +19 more potentially affected by CVE-2024-45626 via org.apache.james:james-server-jmap-draft (>=3.5.0 <=3.7.5)

org.apache.james:james-server-jmap-draft MAVEN version =3.5.0, =3.7.0, =3.5.0, =3.5.0, =3.7.0, =3.5.0, =3.5.0, =3.5.0, =3.5.0, =3.7.0, =3.7.0, =3.6.0, =3.7.0, =3.5.0, =3.5.0, =3.7.5 and more Source cves: CVE-2024-45626 Source advisory:...

7.5CVSS5.8AI score0.00769EPSS
Exploits0
vulnersosv
vulnersosv
added 2025/02/06 12:31 p.m.7 views

org.apache.james.examples:custom-james-assembly (>=3.7.0 <=3.7.5), org.apache.james:apache-james-mpt-smtp-cassandra (>=3.5.0 <=3.7.5) +19 more potentially affected by CVE-2024-45626 via org.apache.james:james-server-jmap-draft (>=3.5.0 <=3.7.5)

org.apache.james:james-server-jmap-draft MAVEN version =3.5.0, =3.7.0, =3.5.0, =3.5.0, =3.7.0, =3.5.0, =3.5.0, =3.5.0, =3.5.0, =3.7.0, =3.7.0, =3.6.0, =3.7.0, =3.5.0, =3.5.0, =3.7.5 and more Source cves: CVE-2024-45626 Source advisory: OSV:GHSA-57M2-H3FW-RXHW...

7.5CVSS5.8AI score0.00769EPSS
Exploits0
vulnersosv
vulnersosv
added 2025/02/06 12:31 p.m.7 views

org.apache.james.examples:custom-imap (>=3.8.0 <=3.8.1), org.apache.james.examples:custom-james-assembly (>=3.8.0 <=3.8.1) +15 more potentially affected by CVE-2024-37358 via org.apache.james.protocols:protocols-imap (>=3.8.0 <=3.8.1)

org.apache.james.protocols:protocols-imap MAVEN version =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.0, =3.8.1 and more Source cves: CVE-2024-37358 Source advisory: OSV:GHSA-56JP-W6VW-J3JW...

8.6CVSS5.8AI score0.00856EPSS
Exploits0
Rows per page
Query Builder