4 matches found
EUVD-2026-40421
An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator restarts it...
CVE-2026-50254
An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator restarts it...
Haraka affected by DoS via `__proto__` email header
Summary Sending an email with proto: as a header name crashes the Haraka worker process. Details The header parser at nodemodules/haraka-email-message/lib/header.js:215-218 stores headers in a plain object: javascript addheaderkey, value, method this.headerskey ??= // line 216 this.headerskeymeth...
Microsoft Edge / Internet Explorer HandleColumnBreakOnColumnSpanningElement Type Confusion Exploit
Microsoft Edge and Internet Explorer suffer from a type confusion in HandleColumnBreakOnColumnSpanningElement. Microsoft Edge and IE: Type confusion in HandleColumnBreakOnColumnSpanningElement CVE-2017-0037 PoC: .class1 float: left; column-count: 5; .class2 column-span: all; columns: 1px; table...