Lucene search
K

14 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in exim4

Exim 4 before 4.94.2 has an improper neutralization of line delimiters, which is relevant in non-default configurations that enable Delivery Status Notification DSN. Certain uses of ORCPT= can insert a new line into a spool header file, thereby indirectly allowing unauthenticated remote attackers...

9.8CVSS7.3AI score0.09285EPSS
Exploits1References1
OSV
OSV
added 2026/02/27 10:16 p.m.6 views

AZL-78509 CVE-2026-28419 affecting package vim 9.1.1616-1

Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file where a delimiter appears at the start of a line, Vim attempts to read memory immediately preceding...

6.6CVSS6.2AI score0.00168EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.1 views

EUVD-2020-20512

Malware in sbrugna...

9CVSS7.8AI score0.0406EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-0681

Malicious code in bioql PyPI...

7.1CVSS7AI score0.01045EPSS
Exploits0References9
Veracode
Veracode
added 2024/02/28 12:16 p.m.19 views

SMTP Smuggling

Apache James is vulnerable to SMTP Smuggling. The vulnerability is due to the lenient behavior in line delimiter handling which creates a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to bypas...

7.1CVSS7AI score0.01045EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2024/02/27 3:30 p.m.13 views

GHSA-P5Q9-86W4-2XR5 SMTP smuggling in Apache James

Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to...

7.1CVSS6.8AI score0.01045EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2024/02/27 3:30 p.m.29 views

SMTP smuggling in Apache James

Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to...

7.1CVSS7AI score0.01045EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2024/02/27 2:15 p.m.26 views

CVE-2023-51747

Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to...

7.1CVSS6.3AI score0.01045EPSS
Exploits0References4
OSV
OSV
added 2024/02/27 2:15 p.m.5 views

CVE-2023-51747

Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to...

7.1CVSS6.6AI score
Exploits0References4
Prion
Prion
added 2024/02/27 2:15 p.m.31 views

Design/Logic Flaw

Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to...

7AI score0.01045EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/02/27 12:0 a.m.3 views

PT-2024-14283 · Apache · Apache James

Name of the Vulnerable Software and Affected Versions: Apache James versions prior to 3.8.1 and 3.7.5 Description: A lenient behavior in line delimiter handling might create a difference of interpretation between the sender and the receiver, which can be exploited by an attacker to forge an SMTP...

7.1CVSS6.8AI score0.01045EPSS
Exploits0References14
SUSE CVE
SUSE CVE
added 2023/02/15 3:52 a.m.3 views

SUSE CVE-2020-28026

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification DSN. Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary...

9.8CVSS8.5AI score0.09285EPSS
Exploits1References6
OSV
OSV
added 2021/05/06 1:15 p.m.1 views

DEBIAN-CVE-2020-28021

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file which indirectly leads to remote code execution as root via AUTH= in a MAIL FROM command...

8.8CVSS8.4AI score0.0406EPSS
Exploits1References1
Cvelist
Cvelist
added 2021/05/06 4:41 a.m.22 views

CVE-2020-28026

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification DSN. Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary...

9.8AI score0.09285EPSS
Exploits1References1
Rows per page
Query Builder