Lucene search
+L

62 matches found

RedHat Linux
RedHat Linux
added 2020/11/04 1:25 a.m.6 views

evolution-data-server: Response injection via STARTTLS in SMTP and POP3

evolution-data-server eds through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."...

5.9CVSS5.8AI score0.02808EPSS
Exploits1References4
Rapid7 Blog
Rapid7 Blog
added 2020/10/19 1:4 p.m.30 views

NICER Protocol Deep Dive: Internet Exposure of IMAP and POP

Welcome to the NICER Protocol Deep Dive blog series! When we started researching what all was out on the internet way back in January, we had no idea we'd end up with a hefty, 137-page tome of a research report. The sheer length of such a thing might put off folks who might otherwise learn a thin...

7.2AI score
Exploits0
OSV
OSV
added 2020/07/27 7:15 a.m.6 views

UBUNTU-CVE-2020-15953

LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a meddler-in-the-middle attacker and evaluates it in a TLS...

7.4CVSS7.1AI score0.02413EPSS
Exploits1References4
OSV
OSV
added 2020/07/17 4:15 p.m.2 views

DEBIAN-CVE-2020-14928

evolution-data-server eds through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."...

5.9CVSS6.8AI score0.02808EPSS
Exploits1References1
OSV
OSV
added 2020/07/08 12:0 a.m.14 views

UBUNTU-CVE-2020-14928

evolution-data-server eds through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."...

5.9CVSS6.9AI score0.02808EPSS
Exploits1References3
OSV
OSV
added 2020/06/21 5:15 p.m.4 views

DEBIAN-CVE-2020-14954

Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a man-in-the-middle attacker and evaluates it in a TLS context, aka "response injection."...

5.9CVSS6.6AI score0.02288EPSS
Exploits0References1
OSV
OSV
added 2020/06/21 5:15 p.m.13 views

UBUNTU-CVE-2020-14954

Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a man-in-the-middle attacker and evaluates it in a TLS context, aka "response injection."...

5.9CVSS6.6AI score0.02288EPSS
Exploits0References8
Fedora
Fedora
added 2020/01/04 10:16 p.m.37 views

[SECURITY] Fedora 30 Update: cyrus-imapd-3.0.13-1.fc30

The Cyrus IMAP Internet Message Access Protocol server provides access to personal mail, system-wide bulletin boards, news-feeds, calendar and contac ts through the IMAP, JMAP, NNTP, CalDAV and CardDAV protocols. The Cyrus IMAP server is a scalable enterprise groupware system designed for use fro...

9.8CVSS0.5AI score0.02392EPSS
Exploits0
Ubuntu
Ubuntu
added 2019/10/21 7:26 p.m.130 views

USN-4160-1: UW IMAP vulnerability

It was discovered that UW IMAP incorrectly handled inputs. A remote attacker could possibly use this issue to execute arbitrary OS commands...

8.5CVSS7.8AI score0.9523EPSS
Exploits6
RedHat Linux
RedHat Linux
added 2014/06/25 3:39 p.m.4 views

dovecot: denial of service through maxxing out SSL connections

Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service resource consumption via an incomplete SSL/TLS handshake for an IMAP/POP3 connection...

5CVSS6.2AI score0.03331EPSS
Exploits0References4
OSV
OSV
added 2014/05/14 7:55 p.m.6 views

DEBIAN-CVE-2014-3430

Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service resource consumption via an incomplete SSL/TLS handshake for an IMAP/POP3 connection...

5CVSS6.8AI score0.03331EPSS
Exploits0References1
OSV
OSV
added 2014/05/13 12:0 a.m.5 views

UBUNTU-CVE-2014-3430

Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service resource consumption via an incomplete SSL/TLS handshake for an IMAP/POP3 connection...

5CVSS6.2AI score0.03331EPSS
Exploits0References4
Kitploit
Kitploit
added 2014/02/12 12:13 a.m.39 views

[Mail Password Sniffer] Email Password Recovery and Sniffing Software

Mail Password Sniffer is the free Email Password Sniffing and Recovery Software to recover mail account passwords passing through the network. It automatically detects the Email authentication packets passing through network and decodes the passwords for all Mail Protocols including POP3 , IMAP ,...

7.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.26 views

Oracle Linux 3 : imap (ELSA-2009-0275)

From Red Hat Security Advisory 2009:0275 : Updated imap packages to fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The imap package provides server daemons for both the IMA...

10CVSS6.1AI score0.06355EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2012/09/18 12:0 a.m.7 views

PT-2012-4419 · Microsoft · Windows Phone 7

Name of the Vulnerable Software and Affected Versions: Microsoft Windows Phone 7 affected versions not specified Description: The issue allows man-in-the-middle attackers to spoof an SSL server for the POP3, IMAP, or SMTP protocol via an arbitrary valid certificate, as Microsoft Windows Phone 7...

5.9CVSS6.8AI score0.03595EPSS
Exploits1References6
OSV
OSV
added 2012/04/13 8:55 p.m.4 views

DEBIAN-CVE-2012-0036

curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the 1 IMAP, 2 POP3, or 3 SMTP protocol...

7.5CVSS6.8AI score0.16723EPSS
Exploits0References1
curl security advisories
curl security advisories
added 2012/01/24 8:0 a.m.8 views

URL sanitization vulnerability

curl is vulnerable to a data injection attack for certain protocols through control characters embedded or percent-encoded in URLs. When parsing URLs, libcurl's parser is liberal and only parses as little as possible and lets as much as possible through as long as it can figure out what to do. In...

7.5CVSS7.1AI score0.16723EPSS
Exploits0Affected Software2
Fedora
Fedora
added 2009/09/09 1:54 a.m.13 views

[SECURITY] Fedora 10 Update: cyrus-imapd-2.3.14-2.fc10

The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large enterprise environments using standards-based internet mail technologies. A full Cyrus IMAP implementation allows a seamless mail and bulletin board...

0.9AI score
Exploits0
Fedora
Fedora
added 2009/09/04 4:8 a.m.30 views

[SECURITY] Fedora 10 Update: fetchmail-6.3.8-9.fc10

Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6, and IPSEC for retrieval...

6.4CVSS0.8AI score0.01503EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2009/02/19 5:48 p.m.27 views

Moderate: Red Hat Security Advisory: imap security update

Updated imap packages to fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The imap package provides server daemons for both the IMAP Internet Message Access Protocol and POP...

10CVSS6.2AI score0.06355EPSS
Exploits0References2
Rows per page
Query Builder