Security
Headlines

Headlines Latest CVEs

Headline

GHSA-w45j-f5g5-w94x: Apache James vulnerable to buffering attack

Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent requests.

2 years ago

#apache #git #ssl

Apache James vulnerable to buffering attack

High severity GitHub Reviewed Published Sep 9, 2022 • Updated Sep 15, 2022

Related news

CVE-2022-28220: Apache James

Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent requests.

2 years ago

#apache #sap #ssl

ghsa: Latest News

GHSA-qg5g-gv98-5ffh: rustls network-reachable panic in `Acceptor::accept`

1 hour ago

GHSA-rjjv-87mx-6x3h: @sveltejs/kit vulnerable to on dev mode 404 page

2 hours ago

GHSA-mh2x-fcqh-fmqv: @sveltejs/kit has unescaped error message included on error page

2 hours ago

GHSA-5xr6-xhww-33m4: Artifact poisoning vulnerability in action-download-artifact v5 and earlier

2 hours ago

GHSA-7f6p-phw2-8253: Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws

3 hours ago