Important: .NET 10.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.106 and .NET Runtime...

Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter

Summary When a custom envelope object is passed to sendMail with a size property containing CRLF characters \r\n, the value is concatenated directly into the SMTP MAIL FROM command without sanitization. This allows injection of arbitrary SMTP commands, including RCPT TO — silently adding...

AlmaLinux 9 : python3.12 (ALSA-2026:4165)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:4165 advisory. cpython: IMAP command injection in user-controlled commands CVE-2025-15366 cpython: POP3 command injection in user-controlled commands CVE-2025-15367...

ALSA-2026:4165 Moderate: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

MimeKit has CRLF Injection in Quoted Local-Part that Enables SMTP Command Injection and Email Forgery

Summary A CRLF Injection vulnerability in MimeKit 4.15.0 allows an attacker to embed \r\n into the SMTP envelope address local-part when the local-part is a quoted-string. This is non-compliant with RFC 5321 and can result in SMTP command injection e.g., injecting additional RCPT TO / DATA / RSET...

Improper Neutralization

Overview Affected versions of this package are vulnerable to Improper Neutralization via the handling of SMTP message input. An attacker can inject arbitrary SMTP commands by supplying specially crafted input containing carriage return and line feed characters. Remediation Upgrade...

PT-2022-20459 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud server versions prior to 22.2.8 Nextcloud server versions prior to 23.0.5 Nextcloud server versions prior to 24.0.1 Description: The Nextcloud server is an open source personal cloud server. Affected versions were found to be...

SUIDPerl 5.00503 - Mail Shell Escape (1)

SUIDPerl 5.00503 - Mail Shell Escape 1 source: https://www.securityfocus.com/bid/1547/info The interaction between some security checks performed by suidperl, the setuid version of perl, and the /bin/mail program creates a scenario that allows local malicious users to execute commands with root...