Code injection
In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS...
CVE-2021-38370
In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS...
UBUNTU-CVE-2021-38373
In KDE KMail 19.12.3 aka 5.13.3, the SMTP STARTTLS option is not honored and cleartext messages are sent unless "Server requires authentication" is checked...
UBUNTU-CVE-2021-38370
In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS...
CVE-2021-38373
In KDE KMail 19.12.3 aka 5.13.3, the SMTP STARTTLS option is not honored and cleartext messages are sent unless "Server requires authentication" is checked...
UBUNTU-CVE-2021-38371
The STARTTLS feature in Exim through 4.94.2 allows response injection buffering during MTA SMTP sending...
CVE-2021-38373
In KDE KMail 19.12.3 (aka 5.13.3), the SMTP STARTTLS option is not honored and cleartext messages are sent unless "Server requires authentication" is checked. This CVE-2021-38373 description is supported by multiple connected sources (SUSE/RHEL/Nessus mappings) indicating the same behavior; no ...
CVE-2021-38373
In KDE KMail 19.12.3 aka 5.13.3, the SMTP STARTTLS option is not honored and cleartext messages are sent unless "Server requires authentication" is checked...
CVE-2021-38372
CVE-2021-38372 affects KDE Trojita 0.7. The issue arises because untagged IMAP responses are accepted before STARTTLS, enabling man-in-the-middle attackers to create new folders. Root cause stated as untagged responses being processed prior to STARTTLS. No exploitation details or patch/version in...
CVE-2021-38372
In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS...
CVE-2021-38371
The STARTTLS feature in Exim through 4.94.2 allows response injection buffering during MTA SMTP sending...
CVE-2021-38371
CVE-2021-38371 affects Exim (STARTTLS) up to version 4.94.2. The vulnerability allows response injection (buffering) during MTA SMTP sending due to how the STARTTLS sync point is enforced on the client side. Affected products include Exim in various distributions (Debian/Ubuntu/Amazon Linux/Alpine/Op...
CVE-2021-38371
The STARTTLS feature in Exim through 4.94.2 allows response injection buffering during MTA SMTP sending...
fetchmail -- STARTTLS bypass vulnerabilities
Problem: In certain circumstances, fetchmail 6.4.21 and older would not encrypt the session using STARTTLS/STLS, and might not have cleared session state across the TLS negotiation...
CVE-2021-38370
The CVE describes Alpine before 2.25 allowing untagged IMAP responses before STARTTLS, potentially leaking information. Affected component: Alpine IMAP handling. Root cause: insecure handling of IMAP responses prior to TLS upgrade. Impact per sources: information leakage (and related issues) when...
PT-2021-7698 · Exim +4
Name of the Vulnerable Software and Affected Versions: Exim versions through 4.94.2. Description: The issue is related to the STARTTLS feature in Exim, which allows response injection during MTA SMTP sending. This is due to insufficient neutralization of special elements in the request. The...
CVE-2021-38370
In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS...
GHSA-4X25-F45X-GRV5 Missing encryption in Apache Directory Studio
While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism (DIGEST-MD5, GSSAPI) was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...