Lucene search
+L

169 matches found

RedHat Linux
RedHat Linux
added 2024/10/10 1:43 p.m.7 views

angus-mail: Enabling Secure Server Identity Checks for Safer SMTPS Communication

A vulnerability was found in Apache Sling Commons Messaging Mailangus-mail, which provides a simple interface for sending emails via SMTPS in OSGi, does not offer an option to enable server identity checks, leaving connections vulnerable to "man-in-the-middle" attacks and can allow insecure email...

7.4CVSS5.7AI score0.01936EPSS
Exploits0References4
OSV
OSV
added 2024/03/22 11:7 a.m.4 views

OESA-2024-1320 python-aiosmtpd security update

This is a server for SMTP and related protocols, similar in utility to the standard library's smtpd.py module, but rewritten to be based on asyncio for Python 3. Security Fixes: aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP...

5.3CVSS6.9AI score0.00371EPSS
Exploits0References2
OSV
OSV
added 2024/03/18 2:15 a.m.3 views

UBUNTU-CVE-2023-52159

A stack-based buffer overflow vulnerability in gross 0.9.3 through 1.x before 1.0.4 allows remote attackers to trigger a denial of service grossd daemon crash or potentially execute arbitrary code in grossd via crafted SMTP transaction parameters that cause an incorrect strncat for a log entry...

7.5CVSS6.6AI score0.01055EPSS
Exploits0References6
CNNVD
CNNVD
added 2024/03/12 12:0 a.m.4 views

aiosmtpd Data Forgery Issue Vulnerability

aiosmtpd is an asyncio-based SMTP server. aiosmtpd is vulnerable to a data forgery issue that stems from the presence of an SMTP smuggling vulnerability...

5.3CVSS6.8AI score0.00371EPSS
Exploits0References6
OSV
OSV
added 2024/01/29 4:15 a.m.5 views

CVE-2024-24736

The POP3 service in YahooPOPs aka YPOPs! 1.6 allows a remote denial of service reboot via a long string to TCP port 110, a related issue to CVE-2004-1558...

7.5CVSS5.8AI score0.01182EPSS
Exploits1References1
OSV
OSV
added 2023/10/30 12:15 a.m.8 views

CVE-2023-4393

HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization...

6.1CVSS5.8AI score0.00309EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/10/17 1:0 a.m.5 views

SUSE CVE-2023-5422

The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the SSLgetverifyresult function is not used the certificated is trusted always and it can not be ensured that the certificate satisfies all necessary securit...

9.1CVSS6.9AI score0.00276EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/06/20 12:0 a.m.5 views

Open-Xchange OX App Suite 安全漏洞

Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange OX App Suite OXAS-BACKEND, which stems from the SMTP function response processing not limiting the size of the response to a reasonable size when...

4.3CVSS5.2AI score0.01148EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2023/02/15 6:20 a.m.5 views

SUSE CVE-2004-0777

Format string vulnerability in the authdebug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging DEBUGLOGIN is enabled, allows remote attackers to execute arbitrary code...

7.5CVSS7.7AI score0.10906EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 6:6 a.m.6 views

SUSE CVE-2008-4907

The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service persistent crash via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsi...

4.3CVSS7AI score0.06203EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:28 a.m.4 views

SUSE CVE-2018-9846

In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin enabled and configured, it's possible to exploit the unsanitized, user-controlled "uid" parameter in an archive.php task=mail&mbox=INBOX&action=plugin.move2archive request to perform an MX IMAP injection attack by placing an IMAP...

8.8CVSS9AI score0.02289EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:25 a.m.3 views

SUSE CVE-2018-14351

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size...

7.3CVSS7AI score0.03166EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2023/02/15 4:25 a.m.6 views

SUSE CVE-2018-14355

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name...

5.4CVSS7AI score0.03317EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.3 views

SUSE CVE-2020-15954

KDE KMail 19.12.3 aka 5.13.3 engages in unencrypted POP3 communication during times when the UI indicates that encryption is in use...

6.5CVSS6.5AI score0.00653EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:42 a.m.6 views

SUSE CVE-2021-29969

If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...

7.5CVSS9.1AI score0.012EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:41 a.m.5 views

SUSE CVE-2021-32066

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...

7.4CVSS6.5AI score0.02909EPSS
Exploits1References35
SUSE CVE
SUSE CVE
added 2023/02/15 3:38 a.m.7 views

SUSE CVE-2021-38372

In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS...

4.3CVSS4.8AI score0.00788EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:38 a.m.2 views

SUSE CVE-2021-38502

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication...

5.9CVSS9.2AI score0.01066EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/01/06 12:0 a.m.5 views

PT-2023-14802 · Apache · Apache James Server

Name of the Vulnerable Software and Affected Versions: Apache James server versions 3.7.2 and prior versions Description: The issue allows an attacker with local access to access private user data in transit due to the usage of temporary files with insecure permissions by the Apache James server...

5.5CVSS7.1AI score0.0036EPSS
Exploits0References9
OSV
OSV
added 2022/05/11 11:3 a.m.4 views

OESA-2022-1628 evolution-data-server security update

The evolution-data-server package provides a personal information management application that provides integrated mail, calendaring and address book functionality. The evolution-data-server package provides a single database for common, desktop-wide information, such as a user's address book or...

5.9CVSS6.8AI score0.02123EPSS
Exploits1References2
Rows per page
Query Builder