248 matches found
CVE-2018-14955
The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations animate to attribute...
CVE-2019-16378
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message...
CVE-2019-16378
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message...
CVE-2019-16378
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message...
CVE-2019-16378
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message...
CVE-2019-16378
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 is prone to a signature-bypass vulnerability with multiple From: addresses, which might affect applications that consider a domain name to be relevant to the origin of an e-mail message...
Roundcube Webmail < 1.2.0 XSS Vulnerability
Roundcube Webmail is prone to a cross-site scripting XSS vulnerability. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution
A buffer overflow flaw was found in the zsh shell check path functionality. A local, unprivileged user can create a specially crafted message file, which, if used to set a custom "you have new mail" message, leads to code execution in the context of the user who receives the message. If the user...
CVE-2018-14950
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "a xlink:href=" attack...
CVE-2018-14954
The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute...
CVE-2018-14953
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "math xlink:href=" attack...
zsh: buffer overflow in utils.c:checkmailpath() can lead to local arbitrary code execution
A buffer overflow flaw was found in the zsh shell check path functionality. A local, unprivileged user can create a specially crafted message file, which, if used to set a custom "you have new mail" message, leads to code execution in the context of the user who receives the message. If the user...
PT-2018-3407 · Dovecot +3 · Dovecot +3
Name of the Vulnerable Software and Affected Versions: Dovecot affected versions not specified Description: The issue is related to an out of bounds read that can be triggered by a specially crafted email message delivered over SMTP and passed on to Dovecot by MTA. This can result in potential...
Unspecified Vulnerability in Apple iOS Mail Message Framework
Apple iOS is an operating system developed by Apple for mobile devices, and Mail Message Framework is one of the components of the e-mail message framework. A security vulnerability exists in the Mail Message Framework component of Apple iOS. The vulnerability can be exploited by a remote attacke...
CVE-2017-7152
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail Message Framework" component. It allows remote attackers to spoof the address bar via a crafted web site...
CVE-2017-7152
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail Message Framework" component. It allows remote attackers to spoof the address bar via a crafted web site...
Code injection
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail Message Framework" component. It allows remote attackers to spoof the address bar via a crafted web site...
UBUNTU-CVE-2017-17847
An issue was discovered in Enigmail before 1.9.9. Signature spoofing is possible because the UI does not properly distinguish between an attachment signature, and a signature that applies to the entire containing message, aka TBE-01-021. This is demonstrated by an e-mail message with an attachmen...
CVE-2017-7152
An issue was discovered in certain Apple products. iOS before 11.2 is affected. The issue involves the "Mail Message Framework" component. It allows remote attackers to spoof the address bar via a crafted web site...
CVE-2017-7152
CVE-2017-7152 affects the Mail Message Framework in iOS 11.2 and earlier. Root cause: an inconsistent UI state allowed address bar spoofing when visiting a malicious site. Impact: an attacker could spoof the address bar. Remediation: Apple released a fix with iOS 11.2 (described in Apple security...