Headline

CVE-2023-6381: Improper input validation in Newsletter Software SuperMailer

Improper input validation vulnerability in Newsletter Software SuperMailer affecting version 11.20.0.2204. An attacker could exploit this vulnerability by sending a malicious configuration file (file with SMB extension) to a user via a link or email attachment and persuade the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to crash the application when attempting to load the malicious file.

11 months ago

CVE

Open in Source

#vulnerability #samba

Affected Resources

Newsletter Software SuperMailer, 11.20.0.2204 version.

Description

INCIBE has coordinated the publication of one vulnerabilitiy that affects Mikro Boeer Softwareentwicklungen Newsletter SuperMailer software, in its 3.27.0.0 version, which has been discovered by Rafael Pedrero.

This vulnerabilitiy has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:

CVE-2023-6381: CVSS v3.1: 3.3 | CVSS: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L | CWE-20.

Solution

There is no reported solution at this time.

Detail

CVE-2023-6381: improper input validation vulnerability in Newsletter Software SuperMailer affecting version 11.20.0.2204. An attacker could exploit this vulnerability by sending a malicious configuration file (file with SMB extension) to a user via a link or email attachment and persuade the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to crash the application when attempting to load the malicious file.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

11 months ago

11 months ago

11 months ago

11 months ago

11 months ago