1063 matches found
OESA-2024-1696 python-aiosmtpd security update
This is a server for SMTP and related protocols, similar in utility to the standard library's smtpd.py module, but rewritten to be based on asyncio for Python 3. Security Fixes: aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on...
OESA-2024-1695 python-aiosmtpd security update
This is a server for SMTP and related protocols, similar in utility to the standard library's smtpd.py module, but rewritten to be based on asyncio for Python 3. Security Fixes: aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on...
RHEL 7 : evolution-data-server (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - evolution-data-server: Response injection via STARTTLS in SMTP and POP3 CVE-2020-14928 - In GNOME...
aiosmtpd STARTTLS unencrypted commands injection
Summary Servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a MitM attack. References NO STARTTLS: Similar vulnerabilities discovered by previous researchers...
CVE-2024-34083
aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle...
CVE-2024-34083
aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle...
CVE-2024-34083 STARTTLS unencrypted commands injection
aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle...
CVE-2024-34083 STARTTLS unencrypted commands injection
aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle...
CVE-2024-34083 STARTTLS unencrypted commands injection
aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle...
CVE-2024-34083
aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle...
aiosmptd 安全漏洞
aiosmtpd is an asyncio-based SMTP server. A security vulnerability exists in aiosmptd versions prior to 1.4.6, which stems from the presence of STARTTLS unencrypted command injection...
RHEL 6 : fetchmail (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - fetchmail: STARTTLS session encryption bypassing CVE-2021-39272 - reportvbuild in report.c in Fetchmail...
RHEL 7 : kmail (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - kmail: Send Later with Delay bypasses OpenPGP CVE-2017-9604 - In KDE KMail 19.12.3 aka 5.13.3, the SMTP...
RHEL 6 : kmail (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - kmail: Send Later with Delay bypasses OpenPGP CVE-2017-9604 - In KDE KMail 19.12.3 aka 5.13.3, the SMTP...
BIT-RUBY-2021-32066
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...
CentOS 9 : fetchmail-6.4.24-1.el9
The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the fetchmail-6.4.24-1.el9 build changelog. - reportvbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf valist argument, which might allow...
Rocky Linux 8 : fetchmail (RLSA-2022:1964)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:1964 advisory. - reportvbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf valist argument, which might allow mail servers to...
Rocky Linux 8 : ruby:2.5 (RLSA-2022:0672)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:0672 advisory. - In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename...
Medium: ruby
Issue Overview: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that ar...
Medium: ruby
Issue Overview: An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. A malicious FTP server can use the PASV response to trick Net::FTP into connecting back to a given IP address and port. This potentially makes curl extract information about services that ar...