Cross-Site Scripting in TYPO3's Frontend Login Mailer
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C 4.9. Problem: User submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. Solution: Update to TYPO3 versions 9.5.35...
CVE-2022-31049
TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. TYPO3 versions...
CVE-2022-31049 Cross-Site Scripting in Frontend Login Mailer
TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. TYPO3 versions...
OESA-2022-1492 nss security update
Network Security Services. Security Fixes: NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are...
Over Dozen Popular Email Clients Found Vulnerable to Signature Spoofing Attacks
A team of security researchers has discovered several vulnerabilities in various implementations of OpenPGP and S/MIME email signature verification that could allow attackers to spoof signatures on over a dozen popular email clients. The affected email clients include Thunderbird, Microsoft...
Android Messaging: A Few Bugs Short of a Chain
Posted by Natalie Silvanovich, Project Zero About a year and a half ago, I did some research into Android messaging and mail clients. At the time, I didn’t blog about it, because though I found bugs, I wasn’t able to assemble them into a credible attack. However, in the spirit of writing about...
Updated emacs packages fix security vulnerability
Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data, e.g. when using Emacs-based mail clients (CVE-2017-14482)...
Debian DLA-1101-1 : emacs23 security update
Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data e.g. when using Emacs-based mail clients. For Debian 7 'Wheezy', these problems have been fixed in version 23.4+1-4+deb7u1. We recommend that you upgrade your emacs23 packages...
Debian DSA-3975-1 : emacs25 - security update
Charles A. Roelli discovered that Emacs is vulnerable to arbitrary code execution when rendering text/enriched MIME data, e.g. when using Emacs-based mail clients. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
[SECURITY] [DSA 3970-1] emacs24 security update
Debian Security Advisory DSA-3970-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff September 12, 2017 https://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-3970-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Cisco Email Security Appliance Malformed MIME Header Filtering Bypass Vulnerability
A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. The vulnerability is due to improper error handling of a...
Design/Logic Flaw
Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issu...
PT-2010-2543 · Microsoft · Windows Mail +2
Name of the Vulnerable Software and Affected Versions: Microsoft Outlook Express versions 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; Windows Mail on Windows Vista SP1 and SP2, Windows Server 20...
External news readers and e-mail clients can be used to execute arbitrary code
If a user has configured Opera to use an external newsgroup client or e-mail application, specially crafted Web pages can cause Opera to run that application incorrectly. In some cases this can lead to execution of arbitrary code...
fetchmail/mutt/evolution/...: APOP password disclosure vulnerability
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and...
JVN#19445002 APOP password recovery vulnerability
Impact APOP passwords may be compromised. When the same password is used for other systems, those systems could be compromised as well. Solution Products Affected Mail clients with an APOP implementation As this is a protocol issue, software fixes cannot solve the issue essentially. Encrypted...
DEBIAN-CVE-2007-1558
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and...