EulerOS Virtualization 3.0.2.6 : ruby (EulerOS-SA-2021-2866)
According to the versions of the ruby packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The REXML gem before 3.2.5 in Ruby before 2.6.7, 2.7.x before 2.7.3, and 3.x before 3.0.1 does not properly address XML round-trip...
Information Disclosure
apache-james-imap-api is vulnerable to information disclosure. The vulnerability exists due to the use of STARTTLS commands which allows an attacker to gain access to sensitive information...
Debian: Security Advisory (DLA-2874-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 2874-1] thunderbird security update
Debian LTS Advisory DLA-2874-1 https://www.debian.org/lts/security/ Emilio Pozuelo Monfort January 04, 2022 https://wiki.debian.org/LTS -...
CVE-2021-38542
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in-the-middle command injection attacks, leading potentially to leakage of sensible information...
Command injection
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in-the-middle command injection attacks, leading potentially to leakage of sensible information...
CVE-2021-38542
CVE-2021-38542 concerns Apache James vulnerable to a buffering attack via STARTTLS. The core issue is in the handling of STARTTLS that could enable a MITM-related command injection and leakage of sensitive information. Multiple sources corroborate the STARTTLS-related buffering behavior and note ...
CVE-2021-38542 Apache James vulnerable to STARTTLS command injection (IMAP and POP3)
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in-the-middle command injection attacks, leading potentially to leakage of sensible information...
PT-2022-10736 · Apache · Apache James
Name of the Vulnerable Software and Affected Versions: Apache James versions prior to 3.6.1 Description: The issue allows for a buffering attack using the STARTTLS command, potentially leading to Man-in-the-middle command injection attacks. This could result in the leakage of sensitive informatio...
[SECURITY] [DSA 5034-1] thunderbird security update
Debian Security Advisory DSA-5034-1 https://www.debian.org/security/ Moritz Muehlenhoff January 02, 2022 https://www.debian.org/security/faq -...
Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2021-2866)
The remote host is missing an update for the Huawei EulerOS...
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2021-2798)
The remote host is missing an update for the Huawei EulerOS...
ROS-2-2186
2.2186 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...
MGASA-2021-0579 Updated ruby packages fix security vulnerability
Bundler sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application...
Updated dovecot packages fix security vulnerabilities
Updated dovecot packages fix security vulnerabilities: The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension CVE-2020-28200. Dovecot before 2.3.15 allows ../ Path Traversal. An...
OPENSUSE-SU-2021:1591-1 Security update for fetchmail
This update for fetchmail fixes the following issues: - CVE-2021-36386: Fixed DoS or information disclosure in some configurations bsc1188875. - CVE-2021-39272: Fixed STARTTLS session encryption bypassing fetchmail-SA-2021-02 bsc1190069. - Update to 6.4.22 bsc1152964, jscSLE-18159, jscSLE-17903,...
openSUSE 15 Security Update : fetchmail (openSUSE-SU-2021:4018-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:4018-1 advisory. - report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow ma...
SUSE SLED15 / SLES15 Security Update : fetchmail (SUSE-SU-2021:4018-1)
The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:4018-1 advisory. - report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, whi...
Security update for fetchmail (moderate)
openSUSE Security Update: Security update for fetchmail Announcement ID: openSUSE-SU-2021:4018-1 Rating: moderate References: 1152964 1174075 1181400 1188875 1190069 1190896 SLE-17903 SLE-18059 SLE-18159 Cross-References: CVE-2021-36386 CVE-2021-39272 CVSS scores: CVE-2021-36386 NVD : 7.5...