723 matches found
Ubuntu: Security Advisory (USN-3724-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-3724-1: Evolution Data Server vulnerability
Jon Kristensen discovered that Evolution Data Server would automatically downgrade a connection to an IMAP server if the IMAP server did not support SSL. This would result in the user's password being unexpectedly sent in clear text, even though the user had requested to use SSL...
USN-3724-1 evolution-data-server vulnerability
Jon Kristensen discovered that Evolution Data Server would automatically downgrade a connection to an IMAP server if the IMAP server did not support SSL. This would result in the user's password being unexpectedly sent in clear text, even though the user had requested to use SSL...
[SECURITY] [DLA 1443-1] evolution-data-server security update
Package : evolution-data-server Version : 3.12.9git20141128.5242b0-2+deb8u4 CVE IDs : CVE-2016-10727 It was discovered that there was a protocol implementation error in evolution-data-server where "STARTTLS not supported" errors from IMAP servers were ignored leading to the use of insecure...
DLA-1443-1 evolution-data-server - security update
Bulletin has no description...
GNOME evolution-data-server IMAPx component information disclosure vulnerability
GNOME evolution-data-server is the GNOME project's set of mail data servers for the Gnome desktop environment on Linux.IMAPx is one of the components used to handle mail and folders. An information disclosure vulnerability exists in the camel/providers/imapx/camel-imapx-server.c file of the IMAPx...
Debian: Security Advisory (DLA-1443-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 28 Update: evolution-data-server-3.28.4-1.fc28
The evolution-data-server package provides a unified backend for programs t hat work with contacts, tasks, and calendar information. It was originally developed for Evolution hence the name, but is now used by other packages...
Fedora Update for evolution-data-server FEDORA-2018-1434efb8f3
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Code injection
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensiti...
CVE-2016-10727
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensiti...
DEBIAN-CVE-2016-10727
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensiti...
CVE-2016-10727
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensiti...
CVE-2016-10727
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensiti...
CVE-2016-10727
Evolution Data Server’s IMAPx component (camel-imapx-server.c) before version 3.21.2 allows plaintext transmission when a client requests STARTTLS but the server does not use STARTTLS, enabling password sniffing over the network. Root cause: incorrect handling that should have error-terminated th...
CVE-2016-10727
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensiti...
CVE-2016-10727
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensiti...
UBUNTU-CVE-2016-10727
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensiti...
Security Bulletin: IBM Data Server Driver for JDBC and SQLJ is affected by a 3RD PARTY Unsafe deserialization
Summary Unsafe deserialization in DB2 JDBC driver Vulnerability Details The Db2 JDBC driver deserializes the contents of /tmp/connlicj.bin default path, this is configurable, which leads to object injection and potentially arbitrary code execution depending on the classpath. CVEID: CVE-2017-1677...
Security Bulletin: IBM Data Server Driver for ODBC and CLI is affected by multiple vulnerabilities in the GSKit library
Summary IBM Data Server Driver for ODBC and CLI is affected by multiple vulnerabilities in the GSKit library. Vulnerability Details CVEID: CVE-2016-0705 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a double-free error when parsing DSA private keys. An attacker could exploi...