USN-8365-1: Dovecot vulnerabilities

It was discovered that Dovecot incorrectly treated some variable expansion pipelines as safe in authentication filters. An attacker could possibly use this issue to perform SQL or LDAP injection attacks. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. CVE-2026-27851 It was discovered...

SUSE CVE-2026-40020

Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...

EUVD-2026-29471

Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...

CVE-2026-40020

Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...

IBM Aspera Shares 安全漏洞

IBM Aspera Shares is a web application developed by IBM. Versions 1.9.9 to 1.11.0 of IBM Aspera Shares contain security vulnerabilities. These vulnerabilities stem from the lack of proper rate limiting on the frequency with which emails are sent to authenticated users, which may lead to email...

CVE-2025-55268

HCL Aftermarket DPC is affected by Spamming Vulnerability which can allow the actor to excessive spamming can consume server bandwidth and processing resources which may lead to Denial of Service...

EUVD-2025-209059

HCL Aftermarket DPC is affected by Spamming Vulnerability which can allow the actor to excessive spamming can consume server bandwidth and processing resources which may lead to Denial of Service...

CVE-2025-55268

HCL Aftermarket DPC is affected by Spamming Vulnerability which can allow the actor to excessive spamming can consume server bandwidth and processing resources which may lead to Denial of Service...

CVE-2025-55268

CVE-2025-55268 pertains to HCL Aftermarket DPC and describes a spamming vulnerability that allows an actor to generate excessive spam, potentially consuming server bandwidth and processing resources and leading to a Denial of Service. The available sources identify the affected product and the ge...

CVE-2025-55268 HCL Aftermarket DPC is affected by Spamming Vulnerability

HCL Aftermarket DPC is affected by Spamming Vulnerability which can allow the actor to excessive spamming can consume server bandwidth and processing resources which may lead to Denial of Service...

CVE-2025-55268

HCL Aftermarket DPC is affected by Spamming Vulnerability which can allow the actor to excessive spamming can consume server bandwidth and processing resources which may lead to Denial of Service...

HCL Aftermarket DPC 安全漏洞

HCL Aftermarket DPC is a digital spare parts and aftermarket management platform for HCL India. HCL Aftermarket DPC suffers from a security vulnerability that can be exploited by attackers to cause a denial of service by consuming server bandwidth and processing resources through mass spamming...

CVE-2021-41138

Frontier is Substrate's Ethereum compatibility layer. In the newly introduced signed Frontier-specific extrinsic for pallet-ethereum, a large part of transaction validation logic was only called in transaction pool validation, but not in block execution. Malicious validators can take advantage of...

CVE-1999-0512

A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers...

MAL-2025-179760 Malicious code in kiut-acog-avefivubufuaig (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8da892144da2489324798ec1a4f99c4d315f21d6cab1af1818ed7e33ef8af899 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-173164 Malicious code in buis-manis-mioapaga (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bac2a638312065fe6a5edcefe6b7a9b183e6cd858a4bdd20770a1f4ed746ae55 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in nokire-nakao1 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e93d5a12d1abbd9551a43649e118212b46099678b0343bf1e838e8f070ff8451 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-157127 Malicious code in juris-zs-drs (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f2ee0f93e79cf6929ab8f37c5f4374e56aec004920e7e1e2f001b034a65835f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

MAL-2025-169097 Malicious code in tehnah-managagah-musrika (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6735e7dced35ca995339cf32996ac640ba2a0889acefb095a9a1a35f033739e8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

Malicious code in avminh-afais-fomaghog (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cf1f1c547a4c4bb85caa0e487151dec6e295fb9c510ad262f60aee7cfce19cad This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...