12 matches found
Cloudflare Agents SDK has Insecure Direct Object Reference (IDOR) via Header-Based Email Routing
Summary An Insecure Direct Object Reference CWE-639 has been found to exist in createHeaderBasedEmailResolver function within the Cloudflare Agents SDK. The issue occurs because the Message-ID and References headers are parsed to derive the target agentName and agentId without proper validation o...
CVE-2026-1664 Insecure Direct Object Reference (IDOR) via Header-Based Email Routing
Summary An Insecure Direct Object Reference has been found to exist in createHeaderBasedEmailResolver function within the Cloudflare Agents SDK. The issue occurs because the Message-ID and References headers are parsed to derive the target agentName and agentId without proper validation or origin...
CVE-2026-1664 Insecure Direct Object Reference (IDOR) via Header-Based Email Routing
Summary An Insecure Direct Object Reference has been found to exist in createHeaderBasedEmailResolver function within the Cloudflare Agents SDK. The issue occurs because the Message-ID and References headers are parsed to derive the target agentName and agentId without proper validation or origin...
CVE-2026-1664
Summary: CVE-2026-1664 affects Cloudflare Agents SDK prior to 0.3.7, due to an IDOR in header-based email routing. Root cause: createHeaderBasedEmailResolver() parses Message-ID and References to derive target agentName/agentId without cryptographic/origin verification, letting external headers s...
SUSE CVE-2011-3481
The indexgetids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted References header in an e-mail message...
Mandriva Update for cyrus-imapd MDVSA-2012:037 (cyrus-imapd)
Check for the Version of cyrus-imapd OpenVAS Vulnerability Test Mandriva Update for cyrus-imapd MDVSA-2012:037 cyrus-imapd Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Mandriva Update for cyrus-imapd MDVSA-2012:037 (cyrus-imapd)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
cyrus-imapd: NULL pointer dereference via crafted References header in email
The indexgetids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted References header in an e-mail message...
cyrus-imapd security update
2.3.16-6.4 - fix CVE-2011-3481: NULL pointer dereference via crafted References header in email 738391 - fix CVE-2011-3372: nntpd authentication bypass 740822...
CVE-2011-3481
The indexgetids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted References header in an e-mail message...
CVE-2011-3481
The indexgetids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted References header in an e-mail message...
CVE-2011-3481
The indexgetids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service NULL pointer dereference and daemon crash via a crafted References header in an e-mail message...