136 matches found
Important: Red Hat Security Advisory: go-toolset:rhel8 security update
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Cybozu Garoon Information Disclosure Vulnerability (CNVD-2024-29673)
Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. An information disclosure vulnerability exists in Cybozu Garoon. The vulnerability stems from insufficient...
GHSA-26HQ-7286-MG8F Magento Patch SUPEE-9652 - Remote Code Execution using mail vulnerability
Zend Framework 1 vulnerability can be remotely exploited to execute code in Magento 1. While the issue is not reproducible in Magento 2, the library code is the same so it was fixed as well. Note: while the vulnerability is scored as critical, few systems are affected. To be affected by the...
PT-2023-30769 · Nextcloud · Nextcloud Mail
Name of the Vulnerable Software and Affected Versions: Nextcloud Mail versions 1.13.0 through 2.2.7 Nextcloud Mail versions 2.2.8 is not affected, but versions prior to 3.3.0 are affected, so the correct range is: Nextcloud Mail versions 1.13.0 through 3.2.x Description: Nextcloud Mail is the mai...
PT-2023-29634 · Nextcloud · Nextcloud Mail
Name of the Vulnerable Software and Affected Versions: Nextcloud Mail versions prior to 2.2.8 Nextcloud Mail versions prior to 3.3.0 Description: The issue is related to a missing check of origin, target, and cookies in Nextcloud Mail, allowing an attacker to abuse the proxy endpoint and cause a...
CVE-2023-44171
SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component adminsmtp.php...
PT-2023-11375 · WordPress · Wp Html Mail
Name of the Vulnerable Software and Affected Versions: WP HTML Mail plugin for WordPress versions up to, and including, 2.9.0.3 Description: The issue arises from insufficient input sanitization, allowing unauthenticated attackers to inject arbitrary HTML in pages. This can be achieved if an...
Forma SPOT-LMS 3.2.1 Cross Site Scripting
Title: Forma SPOT-LMS-3.2.1 Cross-site scripting reflected RCE - reset mail vulnerability Author: nu11secur1ty Date: 11.07.2022 Vendor: https://www.spotlms.us/indexmulti.php The software is applied in the demo account: https://www.spotlms-anca-001.ovh/ Reference:...
Nextcloud 日志信息泄露漏洞
Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A log message disclosure vulnerability exists in Nextcloud Mail that originates from logging user passwords to disk...
Nextcloud 代码问题漏洞
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A code issue vulnerability exists in Nextcloud Mail that stems from unrestricted access to minifier. An attacker could exploit this vulnerability to perfor...
PT-2022-25412 · Mozilla +4 · Thunderbird +4
Name of the Vulnerable Software and Affected Versions: xdg-mail affected versions not specified Description: The issue arises when xdg-mail is configured to use thunderbird for mailto URLs, leading to improper parsing of the URL. This can result in additional headers being passed to thunderbird...
Privilege Escalation
claws-mail is vulnerable to privilege escalation. The vulnerability exists due to the lack of link checks before accepting a click in textviewurisecuritycheck in textview.c...
CVE-2021-20762
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege...
CVE-2021-20757
Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege...
OpenMage: Sharing products with Mail allows phishing attacks due to misconfiguration.
Hello Team. I found a part that could cause a phishing attack. Incorrect configuration in the part of sharing products with mail causes this. 1. Go to https://demo.openmage.org/sendfriend/product/send/id/430/catid/20/ 2. The Sender email address should normally be an email address provided by you...
MGASA-2020-0321 Updated claws-mail packages fix security vulnerability
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled CVE-2020-15917...
UBUNTU-CVE-2020-16094
In imapscantreerecursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree...
PT-2020-6509 · Apple · Ios +2
Name of the Vulnerable Software and Affected Versions: Apple iOS versions prior to 13.5 Apple iPadOS versions prior to 13.5 Apple watchOS versions prior to 6.2.5 Apple iOS version 12.4.7 and earlier Description: An out-of-bounds write issue was addressed with improved bounds checking. Processing ...
Nextcloud Mail Trust Management Issue Vulnerability
Nextcloud is a set of open source self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A trust management issue vulnerability exists in Nextcloud Mail version 1.1.3, which stems from a lack of authentication to a TLS host. An attacker could...
PHP 7.4.x < 7.4.1 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is prior to 7.2.26, 7.3.x prior to 7.3.13, or 7.4.x prior to 7.4.1. It is, therefore, affected by multiple vulnerabilities: - An arbitrary file read vulnerability exists in link and DirectoryIterator class due to imprope...