Lucene search
K

165 matches found

RedHat Linux
RedHat Linux
added 2020/06/19 1:55 a.m.4 views

Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage

The Mozilla Foundation Security Advisory describes this flaw as: If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection...

7.5CVSS7.3AI score0.00976EPSS
Exploits0References5
CNVD
CNVD
added 2020/06/08 12:0 a.m.1 views

Mozilla Thunderbird Information Disclosure Vulnerability (CNVD-2020-41069)

Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP, POP mail protocols and HTML mail format. A security vulnerability exists in Mozilla Thunderbird versions prior to 68.9.0, which...

7.5CVSS8.7AI score0.00976EPSS
Exploits0References1
OSV
OSV
added 2020/03/16 4:15 p.m.4 views

CVE-2020-6980

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol SMTP account data is saved in RSLogix 500, a local attacker with access to a...

3.3CVSS5.8AI score0.00415EPSS
Exploits0References1
CNVD
CNVD
added 2019/12/18 12:0 a.m.1 views

Cyrus IMAP Elevation of Privilege Vulnerability

Cyrus IMAP is a Unix and Linux-based operating system for supporting IMAP Interactive Mail Access Protocol protocol open source mail server . A security vulnerability exists in Cyrus IMAP versions prior to 2.5.15, 3.0.x prior to 3.0.13, and 3.1.x through 3.1.8. An attacker can exploit the...

6.5CVSS6.9AI score0.01655EPSS
Exploits0References1
OSV
OSV
added 2019/11/15 4:15 a.m.3 views

DEBIAN-CVE-2019-18928

Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection...

9.8CVSS8.2AI score0.02392EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2018/11/13 8:36 a.m.20 views

curl: IMAP FETCH response out of bounds read

A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application...

9.1CVSS7.4AI score0.06224EPSS
Exploits0References5
CNVD
CNVD
added 2018/11/06 12:0 a.m.1 views

Suricata Denial of Service Vulnerability (CNVD-2019-34757)

Suricata is a high-performance network intrusion detection IDS, intrusion prevention IPS and network security monitoring multi-threaded engine. A denial of service vulnerability exists in the ProcessMimeEntity function in util-decode-mime.c in Suricata. A remote attacker can exploit this...

7.5CVSS6.9AI score0.02794EPSS
Exploits0References1
OSV
OSV
added 2018/07/17 5:29 p.m.5 views

ALPINE-CVE-2018-14351

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size...

9.8CVSS7AI score0.03166EPSS
Exploits0References1
OSV
OSV
added 2018/07/17 12:0 a.m.2 views

UBUNTU-CVE-2018-14351

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size...

9.8CVSS7.2AI score0.03166EPSS
Exploits0References9
CNVD
CNVD
added 2018/05/03 12:0 a.m.4 views

Roundcube Command Injection Vulnerability

RoundCube is a browser-based, multi-language IMAP client. A command injection vulnerability exists in RoundCube versions 1.2.0 through 1.3.5, which allows remote attackers to inject arbitrary IMAP commands and perform malicious actions due to a failure of the archive plugin to properly handle use...

8.8CVSS7.9AI score0.02289EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2017/12/14 11:34 a.m.7 views

golang: smtp.PlainAuth susceptible to man-in-the-middle password harvesting

It was found that smtp.PlainAuth authentication scheme in Go did not verify the TLS requirement properly. A remote man-in-the-middle attacker could potentially use this flaw to sniff SMTP credentials sent by a Go application...

5.9CVSS7.4AI score0.01105EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/11/27 2:51 p.m.3 views

curl: IMAP FETCH response out of bounds read

A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application...

9.1CVSS7.4AI score0.06224EPSS
Exploits0References5
OSV
OSV
added 2017/08/08 3:29 p.m.2 views

CVE-2017-10208

Vulnerability in the Oracle Hospitality e7 component of Oracle Hospitality Applications subcomponent: Other. The supported version that is affected is 4.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via SMTP to compromise Oracle Hospitality e7. Successfu...

4.3CVSS7.3AI score0.01389EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2017/05/10 12:44 p.m.6 views

OpenJDK: newline injection in the SMTP client (Networking, 8171533)

A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application...

4.3CVSS7.4AI score0.01686EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2017/04/24 11:16 a.m.5 views

OpenJDK: newline injection in the SMTP client (Networking, 8171533)

A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application...

4.3CVSS7.4AI score0.01686EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2017/04/24 11:16 a.m.6 views

OpenJDK: newline injection in the SMTP client (Networking, 8171533)

A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application...

4.3CVSS7.4AI score0.01686EPSS
Exploits0References5
CNVD
CNVD
added 2017/04/18 12:0 a.m.5 views

Wireshark 'dissectors/packet-imap.c' Denial of Service Vulnerability

Wireshark formerly known as Ethereal is a network packet analyzer software developed by the Wireshark team. The function of the software is to intercept network packets and display detailed data for analysis. A denial of service vulnerability exists in Wireshark 'dissectors/packet-imap.c'. An...

7.5CVSS8AI score0.03284EPSS
Exploits0References1
CNVD
CNVD
added 2016/10/09 12:0 a.m.5 views

Sophos UTM Frontend Component Local Information Disclosure Vulnerability

Sophos UTM aka Astaro Security Gateway is a suite of unified threat management appliances from Sophos UK. The appliance provides gateway security protection and endpoint security protection. An information disclosure vulnerability exists in the Frontend component of Sophos UTM using firmware...

4.4CVSS6.1AI score0.00538EPSS
Exploits2References1
RedHat Linux
RedHat Linux
added 2015/11/19 6:3 a.m.6 views

wireshark: SMTP dissector crash (wnpa-sec-2015-04)

epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service application crash via a crafted packet...

5CVSS5.9AI score0.02432EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2010/12/10 12:0 a.m.4 views

VulnCheck KEV: CVE-2010-4344

Heap-based buffer overflow in the stringvformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session...

9.8CVSS7.9AI score0.71794EPSS
Exploits6References1
Rows per page
Query Builder