PT-2025-50802

Name of the Vulnerable Software and Affected Versions ADM versions 4.1.0 through 4.3.3.RKD2 ADM versions 5.0.0 through 5.1.0.RN42 Description An improperly validated TLS/SSL certificate when sending emails to an SMTP server via msmtp allows an attacker intercepting network traffic to execute a...

GO-2025-3988 Insufficient address encoding when passing mail addresses to the SMTP client in github.com/wneessen/go-mail

Insufficient address encoding when passing mail addresses to the SMTP client in github.com/wneessen/go-mail...

Mageia: Security Advisory (MGASA-2025-0238)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE CVE-2025-61962

In fetchmail before 6.5.6, the SMTP client can crash when authenticating upon receiving a 334 status code in a malformed context...

EUVD-2021-10277

Malware in sbrugna...

EUVD-2020-20514

Malware in sbrugna...

EUVD-2005-3401

Malware in sbrugna...

CVE-2025-61962

In fetchmail before 6.5.6, the SMTP client can crash when authenticating upon receiving a 334 status code in a malformed context...

CVE-2025-61962

In fetchmail before 6.5.6, the SMTP client can crash when authenticating upon receiving a 334 status code in a malformed context...

[slackware-security] fetchmail

New fetchmail packages are available for Slackware 15.0 and -current to fix a security issue. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/fetchmail-6.4.27-i586-2slack15.0.txz: Rebuilt. This update fixes a security issue: fetchmail SMTP client can crash when...

CVE-2025-59937 go-mail has insufficient address encoding when passing mail addresses to the SMTP client

go-mail is a comprehensive library for sending mails with Go. In versions 0.7.0 and below, due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, there is a possibility of wrong...

CVE-2025-59937 go-mail has insufficient address encoding when passing mail addresses to the SMTP client

go-mail is a comprehensive library for sending mails with Go. In versions 0.7.0 and below, due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, there is a possibility of wrong...

curl: CRLF injection in libcurl's SMTP client via --mail-from and --mail-rcpt allows SMTP command smuggling

Summary: libcurl's SMTP client is vulnerable to CRLF injection via the --mail-from and --mail-rcpt parameters. An attacker can inject newline characters to smuggle SMTP commands like VRFY, potentially enabling user enumeration or protocol abuse. While curl may fail after injection, the injected...

CVE-2020-28023

Exim 4 before 4.94.2 allows Out-of-bounds Read. smtpsetupmsg may disclose sensitive information from process memory to an unauthenticated SMTP client...

CVE-2020-28021

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file which indirectly leads to remote code execution as root via AUTH= in a MAIL FROM command...

CVE-2023-46386

LOYTEC electronics GmbH LINX-212 and LINX-151 devices all versions are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication...

CVE-2023-46388

LOYTEC electronics GmbH LINX-212 and LINX-151 devices all versions are vulnerable to Insecure Permissions via dpalconfig.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication...

Design/Logic Flaw

LOYTEC electronics GmbH LINX-212 6.2.4 and LINX-151 7.2.4 are vulnerable to Insecure Permissions via dpalconfig.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication...

Authentication flaw

LOYTEC electronics GmbH LINX-212 firmware 6.2.4 and LINX-151 firmware 7.2.4 are vulnerable to Insecure Permissions via registry.xml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication...

CVE-2023-46386

LOYTEC LINX-212 and LINX-151 devices (all versions) are affected by CVE-2023-46386 due to insecure permissions in the registry.xml file, which can disclose SMTP client credentials and bypass email authentication. The connected ICS advisory details affected products (LINX-151, LINX-212, LVIS-3ME12...