1063 matches found
CVE-2020-15955
In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail. This allows e-mail messages and user credentials to be sent to the MitM attacker...
CVE-2013-4584
Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server: ssl_outgoing_ciphers is not applied to STARTTLS connections...
CVE-2019-1003009
An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/activedirectory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/activedirectory/ActiveDirectorySecurityRealm.java,...
CVE-2014-2727
The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection...
CVE-2012-0070
spamdyke prior to 4.2.1: STARTTLS reveals plaintext...
CVE-2014-8563
Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS...
Alibaba Cloud Linux 3 : 0095: evolution (ALINUX3-SA-2022:0095)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0095 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-3890: It was discovered...
SUSE-SU-2025:20144-1 Security update for curl
This update for curl fixes the following issues: Security issues fixed: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588) Other issues fixed: - Make sure the TLS handshake after a successful STARTTLS command is fully done...
Security update for curl
This update for curl fixes the following issues: Security issues fixed: CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590); CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588). Other issues fixed: Make sure the TLS handshake after a successful STARTTLS command is fully done before...
Linux Distros Unpatched Vulnerability : CVE-2020-14954
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a begin TLS response, th...
Linux Distros Unpatched Vulnerability : CVE-2016-0772
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The smtplib library in CPython aka Python before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allo...
BIT-RUBY-MIN-2021-32066
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...
RHEL 6 / 7 : python27-python (RHSA-2016:1628)
The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1628 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high leve...
openSUSE 15 Security Update : python-aiosmtpd (openSUSE-SU-2024:0243-1)
The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0243-1 advisory. - CVE-2024-34083: Fixed MiTM attack that could inject extra unencrypted commands after STARTTLS (boo#1224467) - CVE-2024-27305: Fixed SMTP smuggling...
USN-6881-1 exim4 vulnerability
It was discovered that Exim did not enforce STARTTLS sync point on client side. An attacker could possibly use this issue to perform response injection during MTA SMTP sending...
USN-6881-1: Exim vulnerability
It was discovered that Exim did not enforce STARTTLS sync point on client side. An attacker could possibly use this issue to perform response injection during MTA SMTP sending...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : Exim vulnerability (USN-6881-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6881-1 advisory. It was discovered that Exim did not enforce STARTTLS sync point on client side. An attacker could possibly use this issue to...
Medium: ruby
Issue Overview: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network...
Amazon Linux 2 : ruby (ALAS-2024-2570)
The version of ruby installed on the remote host is prior to 2.0.0.648-36. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2570 advisory. An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception...