
102 matches found

OSV
added 2026/04/18 12:1 p.m. | 2 views

RLSA-2026:8475 Important: .NET 9.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.116 and .NET Runtime...

CVSS 7.5 | AI score 6.3 | EPSS 0.08014
Exploits: 0 | References: 5

RedHat Linux
added 2026/04/16 2:48 p.m. | 1 view

dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw

A flaw was found in the .NET runtime System.Net.Mail in how email address data is parsed. Improper neutralization of special characters, specifically carriage return and line feed (CR/LF) sequences, may allow specially crafted email address input to be interpreted incorrectly. An attacker could...

CVSS 7.5 | AI score 6.1 | EPSS 0.00057
Exploits: 0 | References: 4

OSV
added 2026/04/08 3:5 p.m. | 0 views

GHSA-VVJJ-XCJG-GR5G Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO)

Summary: Nodemailer versions up to and including 8.0.4 are vulnerable to SMTP command injection via CRLF sequences in the transport name configuration option. The name value is used directly in the EHLO/HELO SMTP command without any sanitization for carriage return and line feed characters (\r\n). A...

CVSS 4.9 | AI score 5.9
Exploits: 0 | References: 4

OSV
added 2026/03/26 10:26 p.m. | 1 view

GHSA-C7W3-X93F-QMM8 Nodemailer has SMTP command injection due to unsanitized `envelope.size` parameter

Summary: When a custom envelope object is passed to sendMail with a size property containing CRLF characters (\r\n), the value is concatenated directly into the SMTP MAIL FROM command without sanitization. This allows injection of arbitrary SMTP commands, including RCPT TO — silently adding...

CVSS 2.3 | AI score 6.1
Exploits: 0 | References: 3

ATTACKERKB
added 2026/03/24 11:27 a.m. | 1 view

CVE-2019-25646

Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Attackers can connect to the SMTP service on port 25 and send a malicious MAIL FROM command with an...

CVSS 9.8 | AI score 6.5 | EPSS 0.00231
Exploits: 1 | References: 2 | Affected Software: 1

Debian
added 2026/03/11 10:20 p.m. | 7 views

[SECURITY] [DSA 6160-1] netty security update

Debian Security Advisory DSA-6160-1 https://www.debian.org/security/ Markus Koschany March 11, 2026 https://www.debian.org/security/faq -...

CVSS 8.2 | AI score 5.8 | EPSS 0.00343
Exploits: 5

OSV
added 2026/03/06 9:7 p.m. | 2 views

CVE-2026-30227 MimeKit: CRLF Injection in Quoted Local-Part Enables SMTP Command Injection and Email Forgery

MimeKit is a C# library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension (MIME), as defined by numerous IETF specifications. Prior to version 4.15.1, a CRLF injection vulnerability in MimeKit allows an attacker to embed \r\n into the SMTP...

CVSS 6.9 | AI score 5.7 | EPSS 0.01341
Exploits: 1 | References: 3

Vulnrichment
added 2026/03/06 9:7 p.m. | 0 views

CVE-2026-30227 MimeKit: CRLF Injection in Quoted Local-Part Enables SMTP Command Injection and Email Forgery

MimeKit is a C# library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension (MIME), as defined by numerous IETF specifications. Prior to version 4.15.1, a CRLF injection vulnerability in MimeKit allows an attacker to embed \r\n into the SMTP...

CVSS 6.9 | AI score 5.7 | EPSS 0.01341
Exploits: 1 | References: 1

Cvelist
added 2026/03/06 9:7 p.m. | 21 views

CVE-2026-30227 MimeKit: CRLF Injection in Quoted Local-Part Enables SMTP Command Injection and Email Forgery

MimeKit is a C# library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension (MIME), as defined by numerous IETF specifications. Prior to version 4.15.1, a CRLF injection vulnerability in MimeKit allows an attacker to embed \r\n into the SMTP...

CVSS 6.9 | EPSS 0.01341
Exploits: 1 | References: 1

Positive Technologies
added 2026/03/05 12:0 a.m. | 2 views

PT-2026-23616

Name of the Vulnerable Software and Affected Versions: MimeKit versions prior to 4.15.1; MailKit versions prior to 4.15.1. Description: A CRLF injection flaw exists in MimeKit and MailKit when handling SMTP envelope addresses. Specifically, when the local-part of an address is a quoted-string, the...

CVSS 6.9 | AI score 5.8 | EPSS 0.01341
Exploits: 1 | References: 6

Positive Technologies
added 2026/01/08 12:0 a.m. | 2 views

PT-2026-1819

Name of the Vulnerable Software and Affected Versions: enaio versions 10.10.0.183 and earlier; enaio versions 11.0.0.183 and earlier; enaio versions 11.10.0.183 and earlier. Description: The AppConnector component is susceptible to command injection. Authenticated remote attackers can inject arbitrary...

CVSS 9.1 | AI score 7.5 | EPSS 0.00363
Exploits: 1 | References: 5

RedhatCVE
added 2026/01/07 9:42 a.m. | 5 views

CVE-1999-0098

Buffer overflow in SMTP HELO command in Sendmail allows a remote attacker to hide activities...

CVSS 10 | AI score 7.4 | EPSS 0.00962
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:39 a.m. | 3 views

CVE-1999-0284

Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command...

CVSS 7.5 | AI score 7.4 | EPSS 0.03369
Exploits: 0 | References: 1

SUSE Linux
added 2025/11/12 7:35 p.m. | 3 views

Security update for netty, netty-tcnative

This update for netty, netty-tcnative fixes the following issues: CVE-2025-59419: fixed SMTP command injection vulnerability that allowed email forgery bsc1252097 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

CVSS 6.9 | AI score 7.3 | EPSS 0.00237
Exploits: 0 | References: 4

OSV
added 2025/11/12 7:35 p.m. | 1 view

SUSE-SU-2025:4087-1 Security update for netty, netty-tcnative

This update for netty, netty-tcnative fixes the following issues: - CVE-2025-59419: fixed SMTP command injection vulnerability that allowed email forgery bsc1252097...

CVSS 6.9 | AI score 7.2 | EPSS 0.00237
Exploits: 0 | References: 3

OSV
added 2025/10/31 2:11 p.m. | 1 view

OESA-2025-2546 netty security update

Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients...

CVSS 6.9 | AI score 8 | EPSS 0.00237
Exploits: 0 | References: 2

Hacker One
added 2025/10/16 7:34 p.m. | 17 views

curl: SMTP Command Injection Vulnerability in libcurl 8.16.0 via RFC 3461 Suffix

Executive Summary: libcurl version 8.16.0 contains a critical SMTP command injection vulnerability (CVE-quality) in the implementation of RFC 3461 Delivery Status Notification (DSN) parameter support. The vulnerability allows an attacker to inject arbitrary SMTP commands by including CRLF (\r\n)...

AI score 7.9
Exploits: 0

OSV
added 2025/10/15 3:42 p.m. | 1 view

CVE-2025-59419 Netty netty-codec-smtp SMTP Command Injection Vulnerability Allowing Email Forgery

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return (\r) and Line Feed (\n) characters in user-suppli...

CVSS 6.9 | AI score 7.7 | EPSS 0.00237
Exploits: 0 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2008-4985

Malware in sbrugna...

CVSS 5 | AI score 6 | EPSS 0.00674
Exploits: 0 | References: 9

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-0337

Malware in sbrugna...

CVSS 5 | AI score 7.6 | EPSS 0.00948
Exploits: 0 | References: 14