1063 matches found
CVE-2021-37845
Removed by vendor...
CVE-2023-32290
The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server...
Design/Logic Flaw
The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server...
CVE-2023-32290
Summary: CVE-2023-32290 affects the myMail app for iOS up to version 14.30, where credentials are sent in cleartext when a server expects STARTTLS. The root issue is improper handling of STARTTLS negotiation, leading to exposure of authentication data. Impact: Confidentiality impact is high as cr...
Debian dla-3408 : jruby - security update
The remote Debian 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-3408 advisory. Debian LTS Advisory DLA-3408-1...
Important: exim
Issue Overview: The STARTTLS feature in Exim through 4.94.2 allows response injection buffering during MTA SMTP sending. CVE-2021-38371 Affected Packages: exim Issue Correction: Run yum update exim or yum update --advisory ALAS-2023-1722 to update your system. New Packages: i686: ...
CVE-2023-1656 When the LDAP connector is started with StartTLS configured, LDAP BIND credentials are transmitted insecurely, prior to establishing the TLS connection.
Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. OpenIDM and Java Remote Connector Server RCS LDAP Connector on Windows, MacOS, Linux allows Remote Services with Stolen Credentials. This issue affects OpenIDM and Java Remote Connector Server RCS: from 1.5.20.9 throug...
The vulnerability of the STARTTLS function in email servers, related to insufficient elimination of special elements in the request, allows attackers to compromise data integrity.
The vulnerability of the STARTTLS function of the Exim mail server is related to insufficient elimination of special elements in the request. Exploiting this vulnerability could allow a malicious actor to compromise data integrity remotely...
Debian: Security Advisory (DLA-522-1)
The remote host is missing an update for the Debian...
K23284054: The BIG-IP SMTPS virtual server may fail to properly restrict I/O buffering, allowing attackers to insert commands into encrypted SMTP sessions
Security Advisory Description: This issue occurs when the following condition is met: A virtual server is configured with a Client SSL profile and an SMTPS profile that has the STARTTLS Activation Mode setting enabled (Allow or Require) for processing SMTPS traffic. Impact: When system receives these SMTP...
K01955184: Python smtplib library vulnerability CVE-2016-0772
Security Advisory Description: The smtplib library in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 does not return an error when StartTLS fails, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the...
SUSE CVE-2011-0411
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is...
SUSE CVE-2011-1430
The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a...
SUSE CVE-2011-1431
The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TL...
SUSE CVE-2011-1432
The STARTTLS implementation in SCO SCOoffice Server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...
SUSE CVE-2011-1575
The STARTTLS implementation in ftpparser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext...
SUSE CVE-2011-1926
The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command...
SUSE CVE-2012-3523
The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...