43 matches found
CVE-2020-12644
OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API...
EUVD-2020-4944
Malware in sbrugna...
EUVD-1999-1151
Malware in sbrugna...
EUVD-2010-0539
Malware in sbrugna...
CVE-2010-0508
Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors...
CVE-2024-52508 Nextcloud Mail auto configurator can be tricked into sending account information to wrong servers
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like [email protected] that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used email details would ...
CVE-2024-23251
CVE-2024-23251 is an authentication issue in Appleās Mail that could allow leakage of Mail account credentials when an attacker has physical access. The public description states the issue was fixed via improved state management and lists affected platforms and patches: macOS Sonoma 14.5, iOS 17....
CVE-2024-23251
An authentication issue was addressed with improved state management. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. An attacker with physical access may be able to leak Mail account credentials...
CVE-2024-23251
An authentication issue was addressed with improved state management. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, watchOS 10.5. An attacker with physical access may be able to leak Mail account credentials...
CVE-2023-26432
When adding an external mail account, processing of SMTP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue SMTP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted SMTP server...
CVE-2023-26432
When adding an external mail account, processing of SMTP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue SMTP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted SMTP server...
CVE-2023-26433
When adding an external mail account, processing of IMAP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue IMAP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted IMAP server...
CVE-2023-26434
When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted POP3 server...
CVE-2023-26434
When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted POP3 server...
CVE-2023-26433
When adding an external mail account, processing of IMAP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue IMAP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted IMAP server...
Code injection
When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted POP3 server...
CVE-2023-26434
When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue POP3 service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted POP3 server...
CVE-2023-26434
CVE-2023-26434 affects Open-Xchange App Suite (OX App Suite): the vulnerability arises from processing of POP3 capabilities responses without enforcing plausible size limits when adding an external mail account. An attacker with access to a rogue POP3 service could cause excessive resource usage,...
CVE-2023-26433
When adding an external mail account, processing of IMAP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue IMAP service could trigger requests that lead to excessive resource usage and eventually service unavailability. We now limit accepted IMAP server...
CVE-2023-26433
CVE-2023-26433 affects Open-Xchange OX App Suite (OXAS-BACKEND) where IMAP capabilities responses were not constrained by size when adding an external mail account. The root cause is unbounded processing of IMAP server responses, enabling an attacker with access to a rogue IMAP service to trigger...