169 matches found
angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication
A vulnerability was found in Apache Sling Commons Messaging Mailangus-mail, which provides a simple interface for sending emails via SMTPS in OSGi, does not offer an option to enable server identity checks, leaving connections vulnerable to "man-in-the-middle" attacks and can allow insecure email...
OESA-2024-1320 python-aiosmtpd security update
This is a server for SMTP and related protocols, similar in utility to the standard library's smtpd.py module, but rewritten to be based on asyncio for Python 3. Security Fixes: aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP...
UBUNTU-CVE-2023-52159
A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x before 1.0.4 allows remote attackers to trigger a denial of service grossd daemon crash or potentially execute arbitrary code in grossd via crafted SMTP transaction parameters that cause an incorrect strncat for a log entry...
aiosmtpd Data Forgery Issue Vulnerability
aiosmtpd is an asyncio-based SMTP server. aiosmtpd is vulnerable to a data forgery issue that stems from the presence of an SMTP smuggling vulnerability...
CVE-2024-24736
The POP3 service in YahooPOPs aka YPOPs! 1.6 allows a remote denial of service reboot via a long string to TCP port 110, a related issue to CVE-2004-1558...
CVE-2023-4393
HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization...
SUSE CVE-2023-5422
The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the SSLgetverifyresult function is not used the certificated is trusted always and it can not be ensured that the certificate satisfies all necessary securit...
Open-Xchange OX App Suite 安全漏洞
Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange OX App Suite OXAS-BACKEND, which stems from the SMTP function response processing not limiting the size of the response to a reasonable size when...
SUSE CVE-2004-0777
Format string vulnerability in the authdebug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging DEBUGLOGIN is enabled, allows remote attackers to execute arbitrary code...
SUSE CVE-2008-4907
The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service persistent crash via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsi...
SUSE CVE-2018-9846
In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "uid" parameter in an archive.php task=mail&mbox=INBOX&action=plugin.move2archive request to perform an MX IMAP injection attack by placing an IMAP...
SUSE CVE-2018-14351
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size...
SUSE CVE-2018-14355
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name...
SUSE CVE-2020-15954
KDE KMail 19.12.3 aka 5.13.3 engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use...
SUSE CVE-2021-29969
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...
SUSE CVE-2021-32066
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...
SUSE CVE-2021-38372
In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS...
SUSE CVE-2021-38502
Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication...
PT-2023-14802 · Apache · Apache James Server
Name of the Vulnerable Software and Affected Versions: Apache James server versions 3.7.2 and prior versions Description: The issue allows an attacker with local access to access private user data in transit due to the usage of temporary files with insecure permissions by the Apache James server...
OESA-2022-1628 evolution-data-server security update
The evolution-data-server package provides a personal information management application that provides integrated mail, calendaring and address book functionality. The evolution-data-server package provides a single database for common, desktop-wide information, such as a user's address book or...