CVSS: 6.5EPSS: 11%CPEs: 4EXPL: 0CVE-2018-8305
https://notcve.org/view.php?id=CVE-2018-8305
11 Jul 2018 — An information disclosure vulnerability exists in Windows Mail Client when a message is opened, aka "Windows Mail Client Information Disclosure Vulnerability." This affects Mail, Calendar, and People in Windows 8.1 App Store. Existe una vulnerabilidad de divulgación de información en Windows Mail Client cuando se abre un mensaje. Esto también se conoce como "Windows Mail Client Information Disclosure Vulnerability". Esto afecta a Mail, Calendar y People en la App Store de Windows 8.1. • http://www.securityfocus.com/bid/104618 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 1%CPEs: 2EXPL: 0CVE-2016-5101
https://notcve.org/view.php?id=CVE-2016-5101
29 Jun 2016 — Unspecified vulnerability in Opera Mail before 2016-02-16 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted e-mail message. Vulnerabilidad no especificada en Opera Mail en versiones anteriores a 2016-02-16 en Windows permite a atacantes remotos asistidos por usuario ejecutar código arbitrario a través de un mensaje de correo electrónico manipulado. • http://www.opera.com/blogs/security/2016/02/opera-12-and-opera-mail-security-update • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 55EXPL: 0CVE-2015-7404
https://notcve.org/view.php?id=CVE-2015-7404
14 Nov 2015 — IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server (aka Spectrum Protect for Mail) 5.5 before 5.5.1.1, 6.1 and 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.4; and Tivoli Storage FlashCopy Manager for Windows (aka Spectrum Protect Snapshot) 2.x and 3.1 before 3.1.1.6, ... • http://www-01.ibm.com/support/docview.wss?uid=swg1IT11349 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 19%CPEs: 9EXPL: 0CVE-2013-1299
https://notcve.org/view.php?id=CVE-2013-1299
29 Mar 2013 — Microsoft Windows Modern Mail allows remote attackers to spoof link targets via a crafted HTML e-mail message. Microsoft Windows Modern Mail permite a atacantes remotos burlar destinos de enlace a través de un manipulado HTML e-mail. • http://support.microsoft.com/kb/2832006 •
CVSS: 7.5EPSS: 10%CPEs: 56EXPL: 3CVE-2010-3460 – Axigen Webmail 1.0.1 - Directory Traversal
https://notcve.org/view.php?id=CVE-2010-3460
17 Sep 2010 — Directory traversal vulnerability in the HTTP interface in AXIGEN Mail Server 7.4.1 for Windows allows remote attackers to read arbitrary files via a %5C (encoded backslash) in the URL. Vulnerabilidad de salto de directorio en la interfaz HTTP en AXIGEN Mail Server v7.4.1 para Windows permite a atacantes remotos leer archivos a su elección a través de un %5C (barra invertida codificada) en la URL. • https://www.exploit-db.com/exploits/34622 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.3EPSS: 55%CPEs: 35EXPL: 4CVE-2010-0816 – Microsoft Windows Outlook Express and Windows Mail - Integer Overflow
https://notcve.org/view.php?id=CVE-2010-0816
12 May 2010 — Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7; and Windows Mail on Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote e-mail servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) POP3 or (2) IMAP response, as demonstrated by a certain +OK response on TCP port 110, aka "Outlo... • https://www.exploit-db.com/exploits/12564 • CWE-189: Numeric Errors •
CVSS: 7.1EPSS: 46%CPEs: 4EXPL: 0CVE-2008-1448
https://notcve.org/view.php?id=CVE-2008-1448
13 Aug 2008 — The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability." El manejador de protocolo MHTML en un componente de Outlook Express versiones 5.5 SP2 y 6 hasta ... • http://marc.info/?l=bugtraq&m=121915960406986&w=2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 10%CPEs: 23EXPL: 0CVE-2008-3068
https://notcve.org/view.php?id=CVE-2008-3068
07 Jul 2008 — Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension. Microsoft Crypto API 5.131.2600.2180 hasta la 6.0, como la... • http://securityreason.com/securityalert/3978 •
CVSS: 9.8EPSS: 64%CPEs: 3EXPL: 0CVE-2007-3897
https://notcve.org/view.php?id=CVE-2007-3897
09 Oct 2007 — Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption. Un desbordamiento de búfer en la región heap de la memoria en Microsoft Outlook Express versión 6 y anteriores, y Windows Mail para Vista, permite que los servidores remotos de Network News Transfer Protocol (NNTP) ejecuten código arbitrario por medio de las respuestas N... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=607 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 51%CPEs: 12EXPL: 0CVE-2007-2227
https://notcve.org/view.php?id=CVE-2007-2227
12 Jun 2007 — The MHTML protocol handler in Microsoft Outlook Express 6 and Windows Mail in Windows Vista does not properly handle Content-Disposition "notifications," which allows remote attackers to obtain sensitive information from other Internet Explorer domains, aka "Content Disposition Parsing Cross Domain Information Disclosure Vulnerability." El manejador de protocolo MHTML en Microsoft Outlook Express 6 y Windows Mail en Windows Vista no maneja adecuadamente "notificaciones" de disposición de contenido (Content-... • http://archive.openmya.devnull.jp/2007.06/msg00060.html •