
10 matches found

SUSE CVE
added 2026/06/04 2:30 a.m., 12 views

SUSE CVE-2026-7666

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when fail_silently=True, which allows on-path network attackers to read ema...

CVSS 7.4, AI score 5.7, EPSS 0.00156
Exploits: 0, References: 4
Cvelist
added 2026/06/03 1:16 p.m., 36 views

CVE-2026-7666 Potential unencrypted email transmission via STARTTLS in the SMTP backend

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when fail_silently=True, which allows on-path network attackers to read ema...

CVSS 3.1, EPSS 0.00156
Exploits: 0, References: 3
CVE
added 2026/06/03 1:16 p.m., 19 views

CVE-2026-7666

Django 6.0 before 6.0.6 and 5.2 before 5.2.15 are affected. The SMTP email backend (django.core.mail.backends.smtp.EmailBackend) may reuse a partially-initialized connection after a failed STARTTLS handshake when fail_silently=True, allowing on-path attackers to read email content in cleartext. T...

CVSS 3.1, AI score 5.8, EPSS 0.00156
Exploits: 0, References: 3, Affected Software: 1
CNNVD
added 2026/06/03 12:00 a.m., 4 views

Django Security Vulnerability

Django is a set of open-source web frameworks based on the Python language, developed by the Django Foundation. This framework includes an object-oriented mapper, view system, template system, etc. Versions of Django prior to 6.0.6 and 5.2.15 contained security vulnerabilities. These...

CVSS 3.1, AI score 5.3, EPSS 0.00156
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-16428

Malware in sbrugna...

CVSS 5.9, AI score 7.6, EPSS 0.012
Exploits: 0, References: 14
OSV
added 2025/03/12 10:47 a.m., 5 views

SUSE-SU-2025:20144-1 Security update for curl

This update for curl fixes the following issues: Security issues fixed: - CVE-2025-0725: Fixed gzip integer overflow bsc1236590 - CVE-2025-0167: Fixed netrc and default credential leak bsc1236588 Other issues fixed: - Make sure the TLS handshake after a successful STARTTLS command is fully done...

CVSS 7.3, AI score 5.9, EPSS 0.01168
Exploits: 2, References: 6
SUSE Linux
added 2025/03/12 10:46 a.m., 3 views

Security update for curl

This update for curl fixes the following issues: Security issues fixed: CVE-2025-0725: Fixed gzip integer overflow bsc1236590 CVE-2025-0167: Fixed netrc and default credential leak bsc1236588 Other issues fixed: Make sure the TLS handshake after a successful STARTTLS command is fully done before...

CVSS 5.9, AI score 7.6, EPSS 0.01168
Exploits: 2, References: 10
OSV
added 2021/08/05 8:15 p.m., 6 views

CVE-2021-29969

If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...

CVSS 5.9, AI score 8.4
Exploits: 0, References: 3
Tenable Nessus
added 2021/07/27 12:00 a.m., 40 views

Oracle Linux 8 : thunderbird (ELSA-2021-2883)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-2883 advisory. 78.12.0-3.0.1 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js 78.12.0-3 - Rebuild to pickup older nss 78.12.0-2...

CVSS 8.8, AI score 7.8, EPSS 0.03582
Exploits: 1, References: 5
Veracode
added 2021/07/20 3:16 p.m., 7 views

Injection Vulnerability

thunderbird is vulnerable to an injection vulnerability. The vulnerability exists due to the lack of sanitization of input data prior to the completion of the STARTTLS handshake...

CVSS 5.9, AI score 7, EPSS 0.012
Exploits: 0, References: 4, Affected Software: 5