58 matches found
CVE-2026-27859
A mail message containing an excessive number of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes the mail delivery process to consume large amounts of CPU time. Use MTA capabilities to limit RFC 2231 MIME parameters in mail messages, or upgrade to fixed...
Softnext Technologies Mail SQR Expert Security Vulnerability
Softnext Technologies Mail SQR Expert is a comprehensive email content security management system from Softnext Technologies, China. A security vulnerability exists in Softnext Technologies Mail SQR Expert prior to v230330, which is caused by a Local File Inclusion (LFI) vulnerability in URLs...
SUSE CVE-2020-10967
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart...
CVE-2022-20960
A vulnerability in Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain TLS connections that are processed by an...
CVE-2021-43360
Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege to execute arbitrary code and control the system or interrupt services...
CVE-2021-43360
Sunnet eHRD is a talent management system from Sun Chat Technology. The CVE-2021-43360 vulnerability affects its e-mail delivery task schedule’s serialization function, where inadequate input object validation and restriction allows a post-authenticated remote attacker with database access privil...
Dovecot 1.2.0 - 2.3.14 DoS Vulnerability
Dovecot is prone to a denial of service (DoS) vulnerability.
Dovecot 2.3.11 - 2.3.11.3 DoS Vulnerability
Dovecot is prone to a denial of service (DoS) vulnerability.
FreeBSD : mail/dovecot -- multiple vulnerabilities (bd98066d-4ea4-11eb-b412-e86a64caca56)
Aki Tuomi reports: When imap hibernation is active, an attacker can cause Dovecot to discover file system directory structure and access other users' emails using specially crafted command. The attacker must have valid credentials to access the mail server. Mail delivery / parsing crashed when t...
mail/dovecot -- multiple vulnerabilities
Aki Tuomi reports: When imap hibernation is active, an attacker can cause Dovecot to discover file system directory structure and access other users' emails using specially crafted command. The attacker must have valid credentials to access the mail server. Mail delivery / parsing crashed when th...
Dovecot 2.0 < 2.3.11.3 DoS Vulnerability
Dovecot is prone to a denial of service (DoS) vulnerability.
FreeBSD : Dovecot -- Multiple vulnerabilities (37d106a8-15a4-483e-8247-fcb68b16eaf8)
Aki Tuomi reports: Vulnerability Details: Sending malformed NOOP command causes crash in submission, submission-login or lmtp service. Risk: Remote attacker can keep submission-login service down, causing denial of service attack. For lmtp the risk is negligible, as lmtp is usually behind a...
EulerOS 2.0 SP3 : sendmail (EulerOS-SA-2019-2661)
According to the version of the sendmail packages installed, the EulerOS installation on the remote host is affected by the following vulnerability: - The smcloseonexec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FDCLOEXE...
FreeBSD : dovecot -- json encoder crash (a64aa22f-61ec-11e9-85b9-a4badb296695)
Aki Tuomi reports: CVE-2019-10691: Trying to login with 8bit username containing invalid UTF8 input causes auth process to crash if auth policy is enabled. This could be used rather easily to cause a DoS. Similar crash also happens during mail delivery when using invalid UTF8 in From or Subject...
dovecot -- json encoder crash
Aki Tuomi reports: CVE-2019-10691: Trying to login with 8bit username containing invalid UTF8 input causes auth process to crash if auth policy is enabled. This could be used rather easily to cause a DoS. Similar crash also happens during mail delivery when using invalid UTF8 in From or Subject...
Cumulative Update 12 for Exchange Server 2016
Cumulative Update 12 for Microsoft Exchange Server 2016 was released on February 12, 2019. This cumulative update is a security update. It includes fixes for nonsecurity issues and all previously released fixes for security and nonsecurity issues. The...
Description of the security update for Outlook 2016: January 8, 2019
This security update resolves an information disclosure vulnerability that exists when Microsoft Outlook improperly handles certain types of messages. To learn more about the information disclosure vulnerability, see...
Description of the security update for Outlook 2013: January 8, 2019
This security update resolves an information disclosure vulnerability that exists when Microsoft Outlook improperly handles certain types of messages. To learn more about the information disclosure vulnerability, see...
Updated roundcubemail packages fix security vulnerability
Users can execute commands on the server by writing e-mails, due to insufficient sanitation of the from field when calling PHP's mail function (CVE-2016-9920). Note that only roundcubemail installations that don't have an SMTP server configured for mail delivery are affected...
Mail Transfer Agent and Mail Delivery Agent Remote Command Execution via Shellshock
The remote host appears to be running a mail transfer or mail delivery agent such as Courier, Exim, Postfix, or Procmail. Many of these agents can be configured to run utility scripts for a diverse number of tasks including filtering, sorting, and delivering mail. These scripts may create the...