CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

47 matches found

NVD•added 2026/02/27 8:21 p.m.•3 views

CVE-2026-27947

Group-Office is an enterprise customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, and 6.8.154 have an authenticated Remote Code Execution vulnerability in the TNEF attachment processing flow. The vulnerable path extracts attacker-controlled files from winmail.d...

9.4CVSS0.0013EPSS

Exploits0References1

Cvelist•added 2026/02/27 7:52 p.m.•15 views

CVE-2026-27947 Group-Office Vulnerable to Remote Code Execution (RCE)

9.4CVSS0.0013EPSS

Exploits0References1

EUVD•added 2026/02/27 7:52 p.m.•3 views

EUVD-2026-9060

9.4CVSS6.2AI score0.0013EPSS

Exploits0References1

Vulnrichment•added 2026/02/27 7:52 p.m.•1 views

CVE-2026-27947 Group-Office Vulnerable to Remote Code Execution (RCE)

9.4CVSS6.2AI score0.0013EPSS

Exploits0References1

OSV•added 2026/02/27 7:52 p.m.•1 views

CVE-2026-27947 Group-Office Vulnerable to Remote Code Execution (RCE)

9.4CVSS6.2AI score0.0013EPSS

Exploits0References3

Positive Technologies•added 2026/02/27 12:0 a.m.•3 views

PT-2026-22390

Name of the Vulnerable Software and Affected Versions Group-Office versions prior to 26.0.9 Group-Office versions prior to 25.0.87 Group-Office versions prior to 6.8.154 Description Group-Office is a customer relationship management and groupware tool. Versions prior to 26.0.9, 25.0.87, and 6.8.1...

9.4CVSS6.3AI score0.0013EPSS

Exploits0References5

Tenable Nessus•added 2025/08/27 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2019-18849

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorizedkeys file via an e-mail message with a crafted winmail.dat...

5.5CVSS6.2AI score0.00769EPSS

Exploits1References2

SUSE CVE•added 2023/02/15 4:6 a.m.•2 views

SUSE CVE-2019-18849

In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorizedkeys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup...

5.5CVSS5.7AI score0.00769EPSS

Exploits1References3

OpenVAS•added 2022/01/28 12:0 a.m.•14 views

Mageia: Security Advisory (MGASA-2019-0367)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS5.6AI score0.00769EPSS

Exploits1References4

Tenable Nessus•added 2021/08/24 12:0 a.m.•27 views

Debian DLA-2748-1 : tnef - LTS security update

The remote Debian 9 host has a package installed that is affected by a vulnerability as referenced in the dla-2748 advisory. - In tnef before 1.4.18, an attacker may be able to write to the victim's .ssh/authorizedkeys file via an e-mail message with a crafted winmail.dat application/ms-tnef...

5.5CVSS6.3AI score0.00769EPSS

Exploits1References5

OpenVAS•added 2021/08/24 12:0 a.m.•28 views

Debian: Security Advisory (DLA-2748-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.5CVSS5.5AI score0.00769EPSS

Exploits1References4

CNNVD•added 2021/05/26 12:0 a.m.•1 views

ytnef 路径遍历漏洞

ytnef is a TNEF Transport Neutral Encapsulation Format stream reader for winmail.dat files. YTNEF suffers from a security vulnerability that stems from. An attacker could use a crafted email to cause these applications to write data to an arbitrary location on the file system, crash, or execute...

7.8CVSS7.8AI score0.00289EPSS

Exploits0References2

Veracode•added 2020/09/21 6:34 a.m.•4 views

Denial Of Service (DoS)

tnef is vulnerable to denial of service DoS. The vulnerability exists through a heap-based buffer over-read in strdup, allowing an attacker may be able to write to the victim's .ssh/authorizedkeys file through an e-mail message with a crafted winmail.dat application/ms-tnef attachment...

5.5CVSS6.5AI score0.00769EPSS

Exploits1References9Affected Software1

Mageia•added 2019/12/06 2:15 p.m.•29 views

Updated tnef packages fix security vulnerability

Updated tnef package fixes security vulnerability: In tnef, an attacker may be able to write to the victim's .ssh/authorizedkeys file via an e-mail message with a crafted winmail.dat application/ms-tnef attachment, because of a heap-based buffer over-read involving strdup CVE-2019-18849...

5.5CVSS3.2AI score0.00769EPSS

Exploits1References2

Fedora•added 2019/12/05 1:43 a.m.•18 views

[SECURITY] Fedora 31 Update: tnef-1.4.18-1.fc31

This application provides a way to unpack Microsoft MS-TNEF MIME attachment s. It operates like tar in order to unpack files of type "application/ms-tnef", which may have been placed into the MS-TNEF attachment instead of being attached separately. Such files may have attachment names similar to...

5.5CVSS2.3AI score0.00769EPSS

Exploits1

Fedora•added 2019/12/05 1:13 a.m.•25 views

[SECURITY] Fedora 30 Update: tnef-1.4.18-1.fc30

5.5CVSS2.3AI score0.00769EPSS

Exploits1

OSV•added 2019/11/11 4:15 a.m.•1 views

DEBIAN-CVE-2019-18849

5.5CVSS6.3AI score0.00769EPSS

Exploits1References1

OSV•added 2019/11/11 4:15 a.m.•21 views

CVE-2019-18849