33 matches found
SUSE CVE-2014-3556
The STARTTLS implementation in mail/ngxmailsmtphandler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command...
OESA-2022-1561 mutt security update
Mutt is a small but very powerful text-based mail client for Unix operating systems. Security Fixes: Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g...
CVE-2021-28714
Guest can force Linux netback driver to hog large amounts of kernel memory This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the...
PT-2021-20241 · Sap · Sap Netweaver As Abap
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP versions 7.22 through 7.84 Description: The issue allows an unauthorized attacker to insert cleartext commands into encrypted SMTP sessions over the network due to improper restriction of I/O buffering. This can partiall...
EulerOS 2.0 SP5 : mutt (EulerOS-SA-2020-2258)
According to the versions of the mutt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.CVE-2020-14093 - Mutt before 1.14.4 and NeoMutt befo...
CVE-2020-15953
LibEtPan ≤ 1.9.4 (used in MailCore 2 ≤ 0.6.3 and related products) contains a STARTTLS buffering issue that enables response injection during TLS negotiation across IMAP, SMTP, and POP3. The root cause is improper handling when a server responds with begin TLS, causing the client to read extra da...
Design/Logic Flaw
evolution-data-server eds through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."...
CVE-2020-14928
evolution-data-server eds through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."...
openSUSE: Security Advisory for mutt (openSUSE-SU-2020:0903-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE: Security Advisory for mutt (openSUSE-SU-2020:0915-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Design/Logic Flaw
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a man-in-the-middle attacker and evaluates it in a TLS context, aka "response injection."...
PT-2020-5911 · Mutt +5 · Mutt +5
Name of the Vulnerable Software and Affected Versions: Mutt versions prior to 1.14.4 NeoMutt versions prior to 2020-06-19 Description: The issue is related to a STARTTLS buffering problem that affects IMAP, SMTP, and POP3 protocols. When a server sends a "begin TLS" response, the client reads...
March 22, 2018—KB4088882 (Preview of Monthly Rollup)
March 22, 2018—KB4088882 Preview of Monthly Rollup Improvements and fixes This non-security update includes improvements and fixes that were a part of KB4088876 released March 13, 2018 and also includes these new quality improvements as a preview of the next Monthly Rollup update: Addresses an...