8 results (0.005 seconds)

CVSS: 5.9EPSS: 0%CPEs: 21EXPL: 1

The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. La especificación S/MIME permite un ataque malleability-gadget Cipher Block Chaining (CBC) que puede conducir indirectamente a la exfiltración en texto plano. Esto también se conoce como EFAIL. • http://www.securityfocus.com/bid/104165 https://efail.de https://news.ycombinator.com/item?id=17066419 https://pastebin.com/gNCc8aYm https://twitter.com/matthew_d_green/status/996371541591019520 https://www.synology.com/support/security/Synology_SA_18_22 •

CVSS: 7.5EPSS: 13%CPEs: 1EXPL: 0

Buffer overflow in RITLabs The Bat! 3.60.07 allows remote attackers to execute arbitrary code via a long Subject field. • http://secunia.com/advisories/18989 http://securityreason.com/securityalert/485 http://www.nsag.ru/vuln/953.html http://www.securityfocus.com/archive/1/425936/100/0/threaded http://www.securityfocus.com/bid/16797 http://www.vupen.com/english/advisories/2006/0717 https://exchange.xforce.ibmcloud.com/vulnerabilities/24882 •

CVSS: 5.0EPSS: 4%CPEs: 8EXPL: 1

RITLabs The Bat! before 3.0.0.15 displays certain important headers from encapsulated data in message/partial MIME messages, instead of the real headers, which is in violation of RFC2046 header merging rules and allows remote attackers to spoof the origin of e-mail by sending a fragmented message, as demonstrated using spoofed Received: and Message-ID: headers. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-February/041973.html http://secunia.com/advisories/18713 http://www.security.nnov.ru/advisories/thebatspoof.asp http://www.securityfocus.com/archive/1/424129/100/0/threaded http://www.securityfocus.com/bid/16515 https://exchange.xforce.ibmcloud.com/vulnerabilities/24535 https://www.ritlabs.com/bt/bug_view_advanced_page.php?bug_id=0003029 •

CVSS: 2.1EPSS: 0%CPEs: 44EXPL: 2

Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts with insecure ACLs, which allows local users to read other users' email messages. • http://securitytracker.com/id?1008004 http://www.securityfocus.com/archive/1/342485 http://www.securityfocus.com/bid/8891 https://exchange.xforce.ibmcloud.com/vulnerabilities/13527 •

CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 2

The Bat! 1.53d and 1.54beta, and possibly other versions, allows remote attackers to cause a denial of service (crash) via an attachment whose name includes an MS-DOS device name. • https://www.exploit-db.com/exploits/21307 http://marc.info/?l=bugtraq&m=101483832026841&w=2 http://www.iss.net/security_center/static/8303.php http://www.securityfocus.com/bid/4187 •