1064 matches found
Missing encryption in Apache Directory Studio
While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...
CentOS 8 : ruby:2.7 (CESA-2021:3020)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:3020 advisory. - rubygem-bundler: Dependencies of gems with explicit source may be installed from a different source CVE-2020-36327 - rubygem-rdoc: Command injection...
ruby:2.7 security update
ruby 2.7.4-137 - Upgrade to Ruby 2.7.4. - Fix command injection vulnerability in RDoc. Resolves: rhbz1986768 - Fix FTP PASV command response can cause Net::FTP to connect to arbitrary host. Resolves: rhbz1986812 - Fix StartTLS stripping vulnerability in Net::IMAP. Resolves: rhbz1986813 - Upgrade ...
Oracle Linux 8 : ruby:2.7 (ELSA-2021-3020)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-3020 advisory. ruby 2.7.4-137 - Upgrade to Ruby 2.7.4. - Fix command injection vulnerability in RDoc. Resolves: rhbz1986768 - Fix FTP PASV command response can cause...
CVE-2021-29969
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...
DEBIAN-CVE-2021-29969
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...
CVE-2021-29969
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...
CVE-2021-29969
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...
Code injection
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...
UBUNTU-CVE-2021-29969
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...
CVE-2021-29969
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...
CVE-2021-29969
Thunderbird is affected by CVE-2021-29969: when STARTTLS is used for IMAP, an attacker injecting IMAP responses before TLS completion could cause Thunderbird to display spoofed information (e.g., folders that don’t exist). Affects Thunderbird versions older than 78.12. The issue originates from n...
CVE-2021-29969
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...
CVE-2021-29969
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...
ruby: StartTLS stripping vulnerability in Net::IMAP
Ruby's Net::IMAP module did not raise an exception when receiving an unexpected response to the STARTTLS command and the connection was not upgraded to use TLS. A man-in-the-middle attacker could use this flaw to prevent Ruby applications using Net::IMAP to enable TLS encryption for a connection ...
Security update for MozillaThunderbird (important)
openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2021:1091-1 Rating: important References: 1188275 Cross-References: CVE-2021-29969 CVE-2021-29970 CVE-2021-29976 CVE-2021-30547 CVSS scores: CVE-2021-29969 SUSE: 7.5...
AZL-6861 CVE-2021-32066 affecting package ruby for versions less than 2.7.4-1
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...
CVE-2021-32066
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...
CVE-2021-32066
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...
ALPINE-CVE-2021-32066
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...