CVE-2024-10635

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-20
View all →

Vulnerability Description

Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME attachment with an opaque signature. When opened by a recipient in a downstream email client, the malicious attachment could cause partial loss of integrity and confidentiality to their system.

Related Vulnerabilities

CVE-2009-1197

MEDIUM
CVSS:5.3(Medium)

Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error logging of keys from uddiget.jsp.

CWE-202009

CVE-2010-3667

MEDIUM
CVSS:5.3(Medium)

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element.

CWE-202010

CVE-2011-2902

MEDIUM
CVSS:5.3(Medium)

zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary fil...

CWE-202011

CVE-2013-4101

MEDIUM
CVSS:5.3(Medium)

Cryptocat before 2.0.22 Link Markup Decorator HTML Handling Weakness

CWE-202013

CVE-2014-0091

MEDIUM
CVSS:5.3(Medium)

Foreman has improper input validation which could lead to partial Denial of Service

CWE-202014

CVE-2014-1935

MEDIUM
CVSS:5.3(Medium)

9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames.

CWE-202014