CVE-2023-26490

mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this vulnerability to...

CVE-2023-26490 mailcow is vulnerable to shell command injection via xoauth2 authentication in imapsync​

mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this vulnerability to...

CVE-2023-26490 mailcow is vulnerable to shell command injection via xoauth2 authentication in imapsync​

mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this vulnerability to...

CVE-2023-26490 mailcow is vulnerable to shell command injection via xoauth2 authentication in imapsync​

mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this vulnerability to...

openSUSE Security Update : alpine (openSUSE-2021-675)

This update for alpine fixes the following issues : Update to release 2.24 - A few crash fixes - Implementation of XOAUTH2 for Yahoo! Mail. Update to release 2.23.2 - Expansion of the configuration screen for XOAUTH2 to include username, and tenant. - Alpine uses the domain in the From: header of...

OPENSUSE-SU-2021:0695-1 Security update for alpine

This update for alpine fixes the following issues: Update to release 2.24 A few crash fixes Implementation of XOAUTH2 for Yahoo! Mail. Update to release 2.23.2 Expansion of the configuration screen for XOAUTH2 to include username, and tenant. Alpine uses the domain in the From: header of a messag...

Security update for alpine (moderate)

openSUSE Security Update: Security update for alpine Announcement ID: openSUSE-SU-2021:0695-1 Rating: moderate References: 1173281 Cross-References: CVE-2020-14929 CVSS scores: CVE-2020-14929 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-14929 SUSE: 7.5...

openSUSE: Security Advisory for alpine (openSUSE-SU-2021:0675-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for alpine (moderate)

openSUSE Security Update: Security update for alpine Announcement ID: openSUSE-SU-2021:0675-1 Rating: moderate References: 1173281 Cross-References: CVE-2020-14929 CVSS scores: CVE-2020-14929 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2020-14929 SUSE: 7.5...

GHSA-6W3V-66MJ-2QM6 Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j

A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authentication of connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when PLAIN or XOAUTH2 SASL mechanism is used. The vulnerability allows unauthenticated attacker to crash the broker instance. AMQ...

Moderate severity vulnerability that affects org.apache.qpid:apache-qpid-broker-j

A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authentication of connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when PLAIN or XOAUTH2 SASL mechanism is used. The vulnerability allows unauthenticated attacker to crash the broker instance. AMQ...

Authentication flaw

A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authentication of connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when PLAIN or XOAUTH2 SASL mechanism is used. The vulnerability allows unauthenticated attacker to crash the broker instance. AMQ...

CVE-2018-1298

A Denial of Service vulnerability was found in Apache Qpid Broker-J 7.0.0 in functionality for authentication of connections for AMQP protocols 0-8, 0-9, 0-91 and 0-10 when PLAIN or XOAUTH2 SASL mechanism is used. The vulnerability allows unauthenticated attacker to crash the broker instance. AMQ...

Denial Of Service (DoS)

qpid-broker-core is vulnerable to denial of service DoS attacks. When PLAIN or XOAUTH2 SASL is used, attackers can cause the application to crash by not sending an initial response...