
1063 matches found

CVE
added 2022/12/22 12:0 a.m. | 118 views

CVE-2020-15685

CVE-2020-15685 affects Thunderbird prior to 78.7. During the plaintext phase of STARTTLS, protocol commands could be injected and evaluated within the encrypted session. Affected product: Thunderbird (before 78.7). Root cause: insufficient validation during STARTTLS plaintext phase. Impact: poten...

CVSS 8.8 | AI score 8.4 | EPSS 0.00856
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2022/12/22 12:0 a.m. | 3 views

CVE-2020-15685

During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird 78.7...

AI score 8.6 | EPSS 0.00856
Exploits: 1 | References: 2

Debian CVE
added 2022/12/22 12:0 a.m. | 27 views

CVE-2020-15685

During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird 78.7...

CVSS 8.8 | AI score 8.9 | EPSS 0.00856
Exploits: 1

AlpineLinux
added 2022/12/22 12:0 a.m. | 49 views

CVE-2020-15685

During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird 78.7...

CVSS 8.8 | AI score 8.7 | EPSS 0.00856
Exploits: 1

Tenable Nessus
added 2022/12/07 12:0 a.m. | 34 views

Amazon Linux 2 : mutt (ALAS-2022-1892)

The version of mutt installed on the remote host is prior to 1.5.21-29. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1892 advisory. Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. CVE-2020-14093 Mutt before...

CVSS 6.5 | AI score 6.2 | EPSS 0.02796
Exploits: 2 | References: 13

Veracode
added 2022/11/17 4:0 p.m. | 21 views

Denial Of Service (DoS)

Alpine is vulnerable to denial of service. The vulnerability exists when LIST or LSUB is sent before STARTTLS which allows an attacker to cause an application crash...

CVSS 5.9 | AI score 3 | EPSS 0.00841
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2022/11/03 6:15 a.m. | 1 views

DEBIAN-CVE-2021-46853

Alpine before 2.25 allows remote attackers to cause a denial of service application crash when LIST or LSUB is sent before STARTTLS...

CVSS 5.9 | AI score 5.9 | EPSS 0.00841
Exploits: 0 | References: 1

Prion
added 2022/11/03 6:15 a.m. | 18 views

Code injection

Alpine before 2.25 allows remote attackers to cause a denial of service application crash when LIST or LSUB is sent before STARTTLS...

CVSS 2.6 | AI score 5.7 | EPSS 0.00841
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2022/11/03 6:15 a.m. | 0 views

UBUNTU-CVE-2021-46853

Alpine before 2.25 allows remote attackers to cause a denial of service application crash when LIST or LSUB is sent before STARTTLS...

CVSS 5.9 | AI score 6.3 | EPSS 0.00841
Exploits: 0 | References: 6

Debian CVE
added 2022/11/03 12:0 a.m. | 32 views

CVE-2021-46853

Alpine before 2.25 allows remote attackers to cause a denial of service application crash when LIST or LSUB is sent before STARTTLS...

CVSS 5.9 | AI score 5.9 | EPSS 0.00841
Exploits: 0

CVE
added 2022/11/03 12:0 a.m. | 70 views

CVE-2021-46853

CVE-2021-46853 affects Alpine prior to 2.25. A remote attacker can cause an application crash (denial of service) by sending LIST or LSUB before STARTTLS. This issue arises from how the IMAP/mail handling processes pre-TLS commands, enabling a crash under network conditions. The connected documen...

CVSS 5.9 | AI score 5.6 | EPSS 0.00841
Exploits: 0 | References: 3 | Affected Software: 1

UbuntuCve
added 2022/11/03 12:0 a.m. | 23 views

CVE-2021-46853

Alpine before 2.25 allows remote attackers to cause a denial of service application crash when LIST or LSUB is sent before STARTTLS...

CVSS 5.9 | AI score 6.3 | EPSS 0.00841
Exploits: 0 | References: 5

OSV
added 2022/10/05 1:43 p.m. | 2 views

SUSE-SU-2022:3529-1 Security update for sendmail

This update for sendmail fixes the following issues: - Fixed SMTP session reuse leading to STARTTLS not used even if offered bsc1164084...

AI score 7.1
Exploits: 0 | References: 2

Tenable Nessus
added 2022/09/25 12:0 a.m. | 29 views

GLSA-202209-14 : Fetchmail: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202209-14 Fetchmail: Multiple Vulnerabilities - report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or...

CVSS 7.5 | AI score 6.3 | EPSS 0.0256
Exploits: 0 | References: 5

OSV
added 2022/09/19 10:15 p.m. | 1 views

CVE-2022-0143

When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects: all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Management IDM and Remote Connector Server RCS...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 2

NVD
added 2022/09/19 10:15 p.m. | 11 views

CVE-2022-0143

When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects: all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Management IDM and Remote Connector Server RCS...

CVSS 9.8 | EPSS 0.0053
Exploits: 0 | References: 2

Prion
added 2022/09/19 10:15 p.m. | 14 views

Code injection

When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects: all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Management IDM and Remote Connector Server RCS...

CVSS 7.5 | AI score 9.4 | EPSS 0.0053
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2022/09/19 9:15 p.m. | 14 views

CVE-2022-0143 LDAP Connector: When startTLS is used then LDAP connector ignores the wrong password

When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects: all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Management IDM and Remote Connector Server RCS...

CVSS 9.3 | AI score 9.7 | EPSS 0.0053
Exploits: 0 | References: 2

Vulnrichment
added 2022/09/19 9:15 p.m. | 5 views

CVE-2022-0143 LDAP Connector: When startTLS is used then LDAP connector ignores the wrong password

When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. This issue affects: all versions of the LDAP connector prior to 1.5.20.9. The LDAP connector is bundled with Identity Management IDM and Remote Connector Server RCS...

CVSS 9.3 | AI score 9.6 | EPSS 0.0053
Exploits: 0 | References: 2

CVE
added 2022/09/19 9:15 p.m. | 55 views

CVE-2022-0143

CVE-2022-0143 affects ForgeRock LDAP Connector (bundled with Identity Management and Remote Connector Server). The flaw occurs when StartTLS is configured, allowing unauthenticated access in all versions prior to 1.5.20.9. Impact is described as unauthenticated access with potential confidentiali...

CVSS 9.8 | AI score 9.6 | EPSS 0.0053
Exploits: 0 | References: 2 | Affected Software: 1