1064 matches found
OPENSUSE-SU-2021:1225-1 Security update for dovecot23
This update for dovecot23 fixes the following issues: Update dovecot to version 2.3.15 (jsc#SLE-19970). Security issues fixed: - CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has...
Ubuntu 18.04 LTS / 20.04 LTS : Thunderbird vulnerabilities (USN-5058-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5058-1 advisory. It was discovered that Thunderbird didn't ignore IMAP server responses prior to completion of the STARTTLS handshake. A person-in-the-middle...
USN-5058-1: Thunderbird vulnerabilities
It was discovered that Thunderbird didn't ignore IMAP server responses prior to completion of the STARTTLS handshake. A person-in-the-middle could potentially exploit this to trick Thunderbird into showing incorrect information. CVE-2021-29969 Multiple security issues were discovered in...
USN-5058-1 thunderbird vulnerabilities
It was discovered that Thunderbird didn't ignore IMAP server responses prior to completion of the STARTTLS handshake. A person-in-the-middle could potentially exploit this to trick Thunderbird into showing incorrect information. CVE-2021-29969 Multiple security issues were discovered in...
Security update for dovecot23 (moderate)
openSUSE Security Update: Security update for dovecot23 Announcement ID: openSUSE-SU-2021:2892-1 Rating: moderate References: 1187418 1187419 1187420 SLE-19970 Cross-References: CVE-2020-28200 CVE-2021-29157 CVSS scores: CVE-2020-28200 NVD : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L...
CVE-2021-39272
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH...
Session fixation
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH...
CVE-2021-39272
Fetchmail prior to version 6.4.22 is vulnerable to STARTTLS encryption bypass in certain IMAP/PREAUTH scenarios. Multiple sources (Alpine Linux, Debian security tracker, CVE listing, and related advisories) confirm that upgrading to 6.4.22 or newer resolves this issue. The affected package is fet...
FreeBSD : fetchmail -- STARTTLS bypass vulnerabilities (1d6410e8-06c1-11ec-a35d-03ca114d16d6)
Problem : In certain circumstances, fetchmail 6.4.21 and older would not encrypt the session using STARTTLS/STLS, and might not have cleared session state across the TLS negotiation.
The vulnerability in the implementation of the Net::IMAP class in the Ruby interpreter allows an attacker to execute a “man-in-the-middle” attack.
The vulnerability in the implementation of the Net::IMAP class in the Ruby interpreter is related to errors in the process of verifying the authenticity of certificates when processing the STARTTLS command. Exploiting this vulnerability could allow a remote attacker to execute a “man-in-the-middl...
Mozilla Thunderbird Command Injection Vulnerability
Mozilla Thunderbird is an open source email client. A command injection vulnerability exists in the Mozilla Thunderbird product, which stems from a problem in the way Thunderbird handles IMAP server responses sent prior to the STARTTLS process. An attacker could exploit this vulnerability to send...
CVE-2021-38373
In KDE KMail 19.12.3 aka 5.13.3, the SMTP STARTTLS option is not honored and cleartext messages are sent unless "Server requires authentication" is checked...
CVE-2020-15955
In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail. This allows e-mail messages and user credentials to be sent to the MitM attacker...