46 matches found
MiracleLinux 4 : dovecot-2.0.9-7.AXS4.1 (AXSA:2014-438:02)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2014-438:02 advisory. Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in eith...
EUVD-2014-2926
Malware in sbrugna...
EUVD-2002-1803
Malware in sbrugna...
EUVD-2013-4479
Malware in sbrugna...
OpenSSL 0.9.7 < 0.9.7d Multiple Vulnerabilities
The version of OpenSSL installed on the remote host is prior to 0.9.7d. It is, therefore, affected by multiple vulnerabilities as referenced in the 0.9.7d advisory. - The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the...
Security Bulletin: TXSeries for Multiplatforms V7.1 : Security vulnerability in using GSKit 8 version with IBM TXSeries for Multiplatforms Version 7.1 (CVE-2013-6329)
Abstract: Vulnerabilities in relation to SSL/TLS Handshake Processing related to the Session Resumption when using SSLV2 of GSKit 8 with TXSeries for Multiplatforms V7.1 have been addressed. Content: VULNERABILITY DETAILS: CVEID: CVE-2013-6329 DESCRIPTION: A SSLV2 ClientHello that successfully resum...
CVE-2020-5929
In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous ADH or Ephemeral DHE Diffie-Hellman key exchange and Single DH use option not enable...
Design/Logic Flaw
In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous ADH or Ephemeral DHE Diffie-Hellman key exchange and Single DH use option not enable...
Security Bulletin: IBM Rational ClearCase CCRC WAN Server remote denial of service (CVE-2013-6329)
Summary: A vulnerability in relation to SSL/TLS Handshake Processing has been discovered related to the SSLV3 Session Resumption when using SSLV2. Vulnerability Details...
CVE-2014-2903
CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake...
IBM WebSphere Application Server 7.0 < 7.0.0.33 Multiple Vulnerabilities
Mandriva Linux Security Advisory : dovecot (MDVSA-2015:113)
Updated dovecot packages fix security vulnerability. Dovecot before 2.2.13 is vulnerable to a DoS attack against imap/pop3-login processes. If SSL/TLS handshake was started but wasn't finished, the login process attempted to eventually forcibly disconnect the client, but failed to do it correctly...
OpenJDK: incorrect tracking of ChangeCipherSpec during SSL/TLS handshake (JSSE, 8057555)
It was discovered that the SSL/TLS implementation in the JSSE component in OpenJDK failed to properly check whether the ChangeCipherSpec was received during the SSL/TLS connection handshake. An MITM attacker could possibly use this flaw to force a connection to be established without encryption...
jdk7-openjdk: multiple issues
- CVE-2014-3566 (man-in-the-middle): Nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. - CVE-2014-6585 (out-of-bounds read): Allows remote attackers to affect confidentiality via font parsing...
IBM WebSphere Application Server 7.0 < Fix Pack 33 Multiple Vulnerabilities
IBM WebSphere Application Server 7.0 prior to Fix Pack 33 is running on the remote host. It is, therefore, affected by the following vulnerabilities : - A cross-site scripting flaw exists within the Administration Console, where user input is improperly validated. This could allow a remote...
JVN#61247051: OpenSSL improper handling of Change Cipher Spec message
OpenSSL contains a flaw in the implementation of the Change Cipher Spec protocol that allows a man-in-the-middle (MITM) attacker to force a server and a client to use easily guessable cryptographic key material during the initial SSL/TLS handshake (CWE-325). Impact: SSL/TLS communication between the...
Updated dovecot packages fix security vulnerability
Updated dovecot packages fix security vulnerability. Dovecot before 2.2.13 is vulnerable to a DoS attack against imap/pop3-login processes. If SSL/TLS handshake was started but wasn't finished, the login process attempted to eventually forcibly disconnect the client, but failed to do it correctly...
Design/Logic Flaw
Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 do not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection...
[oss-security] CVE request: Denial of Service attacks against Dovecot v1.1+
Hello, Can I get CVE identifier for DoS attacks against Dovecot v1.1+, thank you. http://permalink.gmane.org/gmane.mail.imap.dovecot/77499 """ There's an upper limit to how many IMAP/POP3 connections can exist that haven't logged in and separate limits for post-login. Normally when this limit is...