1063 matches found

OSV
added 2021/11/03 1:15 a.m. | 4 views

CVE-2021-38502

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication...

5.9 CVSS | 9.4 AI score
Exploits 0 | References 4

UbuntuCve
added 2021/11/03 1:15 a.m. | 24 views

CVE-2021-38502

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication...

5.9 CVSS | 6.5 AI score | 0.01066 EPSS
Exploits 0 | References 3

Prion
added 2021/11/03 1:15 a.m. | 10 views

Authentication flaw

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication...

4.3 CVSS | 7.3 AI score | 0.01066 EPSS
Exploits 0 | References 4 | Affected Software 2

Debian CVE
added 2021/11/03 12:2 a.m. | 25 views

CVE-2021-38502

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication...

5.9 CVSS | 7.3 AI score | 0.01066 EPSS
Exploits 0

CVE
added 2021/11/03 12:2 a.m. | 200 views

CVE-2021-38502

Thunderbird is affected by CVE-2021-38502 where STARTTLS requirements for SMTP were ignored, enabling a MITM to downgrade to an unencrypted connection or hijack an authenticated session and potentially obtain credentials if unprotected methods are configured. Multiple connected advisories confirm...

5.9 CVSS | 7.4 AI score | 0.01066 EPSS
Exploits 0 | References 4 | Affected Software 1

Oracle linux
added 2021/11/02 12:0 a.m. | 38 views

curl security update

7.61.1-18.el84.2 - fix STARTTLS protocol injection via MITM CVE-2021-22947 - fix protocol downgrade required TLS bypass CVE-2021-22946...

7.5 CVSS | 8.2 AI score | 0.04224 EPSS
Exploits 2

OSV
added 2021/10/31 3:7 p.m. | 7 views

OPENSUSE-SU-2021:1416-1 Security update for fetchmail

This update for fetchmail fixes the following issues: - CVE-2021-39272: Fix failure to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. bsc1190069 This update was imported from the SUSE:SLE-15:Update update project...

5.9 CVSS | 5.9 AI score | 0.00925 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2021/10/27 12:0 a.m. | 38 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : thunderbird Multiple Vulnerabilities (NS-SA-2021-0140)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has thunderbird packages installed that are affected by multiple vulnerabilities: - If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with a...

9.3 CVSS | 8 AI score | 0.0779 EPSS
Exploits 9 | References 29

Tenable Nessus
added 2021/10/27 12:0 a.m. | 26 views

NewStart CGSL MAIN 6.02 : evolution-data-server Vulnerability (NS-SA-2021-0128)

The remote NewStart CGSL host, running version MAIN 6.02, has evolution-data-server packages installed that are affected by a vulnerability: - evolution-data-server eds through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a begin TLS response, eds reads...

5.9 CVSS | 6.9 AI score | 0.02808 EPSS
Exploits 1 | References 3

OpenVAS
added 2021/10/26 12:0 a.m. | 21 views

Huawei EulerOS: Security Advisory for ruby (EulerOS-SA-2021-2614)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4 CVSS | 7.7 AI score | 0.02909 EPSS
Exploits 1 | References 2

RedHat Linux
added 2021/10/25 8:55 p.m. | 1 views

ruby: StartTLS stripping vulnerability in Net::IMAP

Ruby's Net::IMAP module did not raise an exception when receiving an unexpected response to the STARTTLS command and the connection was not upgraded to use TLS. A man-in-the-middle attacker could use this flaw to prevent Ruby applications using Net::IMAP to enable TLS encryption for a connection ...

7.4 CVSS | 7.2 AI score | 0.02909 EPSS
Exploits 1 | References 5

Tenable Nessus
added 2021/10/25 12:0 a.m. | 25 views

EulerOS 2.0 SP3 : ruby (EulerOS-SA-2021-2614)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fai...

7.4 CVSS | 7.1 AI score | 0.02909 EPSS
Exploits 1 | References 2

Tenable Nessus
added 2021/10/21 12:0 a.m. | 28 views

SUSE SLED15 / SLES15 Security Update : fetchmail (SUSE-SU-2021:3493-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3493-1 advisory. - Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH...

5.9 CVSS | 5.5 AI score | 0.00925 EPSS
Exploits 0 | References 4

OpenVAS
added 2021/10/21 12:0 a.m. | 13 views

SUSE: Security Advisory (SUSE-SU-2021:3492-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9 CVSS | 6.1 AI score | 0.00925 EPSS
Exploits 0 | References 4

OSV
added 2021/10/20 2:38 p.m. | 7 views

OPENSUSE-SU-2021:3493-1 Security update for fetchmail

This update for fetchmail fixes the following issues: - CVE-2021-39272: Fix failure to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. bsc1190069...

5.9 CVSS | 5.9 AI score | 0.00925 EPSS
Exploits 0 | References 3

OSV
added 2021/10/20 2:38 p.m. | 5 views

SUSE-SU-2021:3493-1 Security update for fetchmail

This update for fetchmail fixes the following issues: - CVE-2021-39272: Fix failure to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. bsc1190069...

5.9 CVSS | 6.1 AI score | 0.00925 EPSS
Exploits 0 | References 3

OSV
added 2021/10/20 2:37 p.m. | 6 views

SUSE-SU-2021:3492-1 Security update for fetchmail

This update for fetchmail fixes the following issues: - CVE-2021-39272: Fix failure to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. bsc1190069...

5.9 CVSS | 6.1 AI score | 0.00925 EPSS
Exploits 0 | References 3

OPENSUSE Linux
added 2021/10/20 12:0 a.m. | 55 views

Security update for fetchmail (moderate)

openSUSE Security Update: Security update for fetchmail Announcement ID: openSUSE-SU-2021:3493-1 Rating: moderate References: 1190069 Cross-References: CVE-2021-39272 CVSS scores: CVE-2021-39272 SUSE: 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: openSUSE Leap 15.3 An update...

5.9 CVSS | 6.3 AI score | 0.00925 EPSS
Exploits 0 | References 1

OSV
added 2021/10/18 4:5 p.m. | 5 views

OPENSUSE-SU-2021:1384-1 Security update for curl

This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM bsc1190374. - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed bsc1190373. This update was imported from the SUSE:SLE-15-SP2:Update update project...

7.5 CVSS | 7 AI score | 0.04224 EPSS
Exploits 2 | References 5

Veracode
added 2021/10/16 9:1 p.m. | 18 views

Denial Of Service (DoS)

Alpine is vulnerable to denial of service. The vulnerability exists because untagged responses from an IMAP server are accepted before STARTTLS...

5.9 CVSS | 2.3 AI score | 0.01565 EPSS
Exploits 1 | References 5 | Affected Software 1