165 matches found
Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage
The Mozilla Foundation Security Advisory describes this flaw as: If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection...
Mozilla Thunderbird Information Disclosure Vulnerability (CNVD-2020-41069)
Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP, POP mail protocols and HTML mail format. A security vulnerability exists in Mozilla Thunderbird versions prior to 68.9.0, which...
CVE-2020-6980
Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol SMTP account data is saved in RSLogix 500, a local attacker with access to a...
Cyrus IMAP Elevation of Privilege Vulnerability
Cyrus IMAP is a Unix and Linux-based operating system for supporting IMAP Interactive Mail Access Protocol protocol open source mail server . A security vulnerability exists in Cyrus IMAP versions prior to 2.5.15, 3.0.x prior to 3.0.13, and 3.1.x through 3.1.8. An attacker can exploit the...
DEBIAN-CVE-2019-18928
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection...
curl: IMAP FETCH response out of bounds read
A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application...
Suricata Denial of Service Vulnerability (CNVD-2019-34757)
Suricata is a high-performance network intrusion detection IDS, intrusion prevention IPS and network security monitoring multi-threaded engine. A denial of service vulnerability exists in the ProcessMimeEntity function in util-decode-mime.c in Suricata. A remote attacker can exploit this...
ALPINE-CVE-2018-14351
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size...
UBUNTU-CVE-2018-14351
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size...
Roundcube Command Injection Vulnerability
RoundCube is a browser-based, multi-language IMAP client. A command injection vulnerability exists in RoundCube versions 1.2.0 through 1.3.5, which allows remote attackers to inject arbitrary IMAP commands and perform malicious actions due to a failure of the archive plugin to properly handle use...
golang: smtp.PlainAuth susceptible to man-in-the-middle password harvesting
It was found that smtp.PlainAuth authentication scheme in Go did not verify the TLS requirement properly. A remote man-in-the-middle attacker could potentially use this flaw to sniff SMTP credentials sent by a Go application...
curl: IMAP FETCH response out of bounds read
A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application...
CVE-2017-10208
Vulnerability in the Oracle Hospitality e7 component of Oracle Hospitality Applications subcomponent: Other. The supported version that is affected is 4.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via SMTP to compromise Oracle Hospitality e7. Successfu...
OpenJDK: newline injection in the SMTP client (Networking, 8171533)
A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application...
OpenJDK: newline injection in the SMTP client (Networking, 8171533)
A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application...
OpenJDK: newline injection in the SMTP client (Networking, 8171533)
A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application...
Wireshark 'dissectors/packet-imap.c' Denial of Service Vulnerability
Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A denial of service vulnerability exists in Wireshark 'dissectors/packet-imap.c'. An...
Sophos UTM Frontend Component Local Information Disclosure Vulnerability
Sophos UTM aka Astaro Security Gateway is a suite of unified threat management appliances from Sophos UK. The appliance provides gateway security protection and endpoint security protection. An information disclosure vulnerability exists in the Frontend component of Sophos UTM using firmware...
wireshark: SMTP dissector crash (wnpa-sec-2015-04)
epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service application crash via a crafted packet...
VulnCheck KEV: CVE-2010-4344
Heap-based buffer overflow in the stringvformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session...