Astra Linux - уязвимость в exim4

Exim 4 before 4.94.2 has an improper restriction on write operations within the bounds of a memory buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands...

PT-2026-27441

Name of the Vulnerable Software and Affected Versions Zimbra Collaboration Suite ZCS version 8.8.15 Description A security issue exists in the Zimbra Collaboration Suite ZCS PostJournal service that allows unauthenticated attackers to execute arbitrary system commands. This is possible due to...

CVE-2026-23829

CVE-2026-23829 — Mailpit SMTP header injection via regex bypass. Mailpit’s SMTP server (prior to v1.28.3) fails to properly filter control characters in RCPT TO/MAIL FROM addresses due to a regex with an incomplete character class, allowing CR/LF bypass and header injection. The flaw stems from G...

CVE-1999-0144

Denial of service in Qmail by specifying a large number of recipients with the RCPT command...

EUVD-2000-0972

Malware in sbrugna...

EUVD-1999-0144

Malware in sbrugna...

EUVD-2005-2388

Malware in sbrugna...

EUVD-2001-0260

Malware in sbrugna...

EUVD-1999-1513

Malware in sbrugna...

EUVD-2000-0958

Malware in sbrugna...

EUVD-2002-2059

Malware in sbrugna...

EUVD-2008-2777

Malware in sbrugna...

SideFX: Port 587 SMPT Open: Can send any mail remotely from the internal mail users to company mail id's.

Port 587 SMTP open. Attacker can send emails remotely to company email addresses. This allows phishing, spamming, or other malicious emails to be sent from what appears to be a legitimate internal company email account...

SUSE CVE-2003-0540

The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service lock via 1 a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or 2 v...

SUSE CVE-2015-9097

The mail gem before 2.5.5 for Ruby aka A Really Ruby Mail Library is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring...

SUSE CVE-2015-9096

Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring...

FreeBSD : Nextcloud Calendar -- SMTP Command Injection (2a314635-be46-11ec-a06f-d4c9ef517024)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2a314635-be46-11ec-a06f-d4c9ef517024 advisory. - Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in...

Command injection

Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the RCPT TO:...

CVE-2022-24838 Command Injection in Appointment Emails for Nextcloud Calendar

Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the RCPT TO:...

Command Injection in Appointment Emails for Calendar

None...