16 matches found
CVE-2026-46584 Apache Camel Mail: The mail producer applied attacker-supplied message headers as JavaMail session properties, allowing an attacker to influence SMTP parameters
Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer MailProducer.getSender scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present...
CVE-2026-46584
CVE-2026-46584 affects Apache Camel’s Mail component. The MailProducer.getSender could read headers from the mail.smtp/mail.smtps namespace and apply them as JavaMail session properties, overriding endpoint config. This allows attacker-controlled inputs to influence SMTP parameters if untrusted i...
CVE-2026-49979
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This completely bypasses...
org.bouncycastle:bcjmail-debug-jdk15to18 (>=1.81 <=1.83), org.bouncycastle:bcmail-debug-jdk15to18 (>=1.81 <=1.83) +4 more potentially affected by CVE-2025-14813 via org.bouncycastle:bcprov-debug-jdk15to18 (>=1.81 <=1.83)
org.bouncycastle:bcprov-debug-jdk15to18 MAVEN version =1.81, =1.81, =1.81, =1.81, =1.81, =1.81, =1.81, =1.83 Source cves: CVE-2025-14813 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16075262...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : javamail (SUSE-SU-2025:03025-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03025-1 advisory. - Update to version 1.6.2 - CVE-2025-7962: Fixed an improper neutralization of \r and \n UTF-8 character...
app.tozzi.mail:pec-parser (=4.0.0), app.tozzi:uudecoder (=4.0.0) +1257 more potentially affected by CVE-2025-7962 via com.sun.mail:jakarta.mail (>=2.0.0-RC1 <=2.0.1)
com.sun.mail:jakarta.mail MAVEN version =2.0.0-RC1, =0.2.0, =0.2.0, =2.0.1, =2.0.0, =0.1, =0.4, =1.0.0, =2022.3.4.0, =1.0.0-JDK21, =1.0.3.2-JDK21 - cn.sunyblog.easymail:easymail-spring-boot-starter3 =1.0.1 and more Source cves: CVE-2025-7962 Source advisory: SNYK:JAVA-COMSUNMAIL-12028709...
Solaris 5.9 (x86) : 117884-02
Application Server 7.1x86: Java Mail Runtime Patch. Date this patch was last updated by Sun : Feb/18/05 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. i...
Solaris 5.8 (sparc) : 117883-02
Application Server 7.1: Java Mail Runtime Patch. Date this patch was last updated by Sun : Feb/18/05 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. if !...
Solaris 5.9 (sparc) : 117883-02
Application Server 7.1: Java Mail Runtime Patch. Date this patch was last updated by Sun : Feb/18/05 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. if !...
Solaris 8 (sparc) : 116300-21
Sun One Application Server 7.0: Java Mail Runtime Patch. Date this patch was last updated by Sun : May/23/06 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...
Solaris 9 (sparc) : 116300-21
Sun One Application Server 7.0: Java Mail Runtime Patch. Date this patch was last updated by Sun : May/23/06 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...
Solaris 9 (x86) : 116301-20
Sun One Application Server 7.0x86: Java Mail Runtime Patch. Date this patch was last updated by Sun : May/23/06 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...
Command injection
The SMTP server in Apache Java Mail Enterprise Server aka Apache James 2.2.0 allows remote attackers to cause a denial of service CPU consumption via a long argument to the MAIL command...
CVE-2006-2806
The SMTP server in Apache Java Mail Enterprise Server aka Apache James 2.2.0 allows remote attackers to cause a denial of service CPU consumption via a long argument to the MAIL command...
JAMES2.2.0.txt
--------------------------------------------------------------------------- ECHOADV31$2006 JAMES 2.2.0 -- Denial Of Service --------------------------------------------------------------------------- Author : y3dips a.k.a Ahmad Muammar W.K Date : April, 27th 2006 Location : Indonesia, Jakarta Web...
PT-2005-2659 · Oracle · Javamail Api
Name of the Vulnerable Software and Affected Versions: JavaMail API affected versions not specified Description: The issue concerns the JavaMail API, which does not properly validate the message number in the MimeMessage constructor in javax.mail.internet.InternetHeaders. This allows remote...