NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0140)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has thunderbird packages installed that are affected by multiple vulnerabilities: - If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with a...

ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.

...

CVE-2021-39272

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH...

CVE-2021-39272

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH...

CVE-2021-39272

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH...

CVE-2021-39272

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH...

Session fixation

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH...

CVE-2021-39272

Fetchmail prior to version 6.4.22 is vulnerable to STARTTLS encryption bypass in certain IMAP/PREAUTH scenarios. Multiple sources (Alpine Linux, Debian security tracker, CVE listing, and related advisories) confirm that upgrading to 6.4.22 or newer resolves this issue. The affected package is fet...

CVE-2021-39272

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH...

CVE-2021-39272

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH...

CVE-2021-39272

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH...

ALPINE-CVE-2021-36222

ecverify in kdc/kdcpreauthec.c in the Key Distribution Center KDC in MIT Kerberos 5 aka krb5 before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation...

Zimbra Collaboration Suite Open Redirect Vulnerability

Zimbra Collaboration Suite ZCS is a collaboration software suite that includes an email server and web client. An open redirection vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite. An attacker obtaining a valid zimbra authentication token or a valid preauth token could...

CVE-2021-34807

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any U...

CVE-2021-34807

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a user to any U...

Zimbra Collaboration Suite 输入验证错误漏洞

Zimbra Collaboration Suite ZCS is a collaboration software suite that includes an email server and web client. An open redirection vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite. An attacker obtaining a valid zimbra authentication token or a valid preauth token could...

QNAP MusicStation / MalwareRemover File Upload / Command Injection Vulnerabilities

QNAP MusicStation/MalwareRemover Pre-Auth Remote Code Execution Summary QNAP MusicStation and MalwareRemover official apps are affected by an arbitrary file upload and a command injection vulnerabilities, leading to pre-auth remote root command execution. Product description from vendor “QNAP...

EulerOS 2.0 SP5 : mutt (EulerOS-SA-2020-2258)

According to the versions of the mutt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.CVE-2020-14093 - Mutt before 1.14.4 and NeoMutt befo...

EulerOS 2.0 SP3 : mutt (EulerOS-SA-2020-2109)

According to the versions of the mutt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.CVE-2020-14093 - Mutt before 1.14.4 and NeoMutt befo...

SUSE SLES12 Security Update : LibVNCServer (SUSE-SU-2020:2167-1)

This update for LibVNCServer fixes the following issues : security update fix CVE-2018-21247 bsc1173874, uninitialized memory contents are vulnerable to Information leak fix CVE-2019-20839 bsc1173875, buffer overflow in ConnectClientToUnixSock fix CVE-2019-20840 bsc1173876, unaligned accesses in...