1064 matches found

Tenable Nessus
added 2021/07/26 12:0 a.m. · 242 views

RHEL 7 : thunderbird (RHSA-2021:2881)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2881 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. Security Fixes: Mozilla:...

8.8 CVSS · 7.8 AI score · 0.03582 EPSS
Exploits 1 · References 10

Tenable Nessus
added 2021/07/26 12:0 a.m. · 31 views

RHEL 8 : thunderbird (RHSA-2021:2883)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2883 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 78.12.0. Security Fixes: Mozilla:...

8.8 CVSS · 7.8 AI score · 0.03582 EPSS
Exploits 1 · References 10

Positive Technologies
added 2021/07/24 12:0 a.m. · 17 views

PT-2021-3958 · Apache · Apache Directory Studio

Name of the Vulnerable Software and Affected Versions: Apache Directory Studio versions prior to 2.0.0.v20210213-M16 Description: The issue is related to the absence of protection for service data. An attacker could exploit this to disclose protected information. The problem arises when configure...

7.8 CVSS · 7.4 AI score · 0.00793 EPSS
Exploits 0 · References 11

Tenable Nessus
added 2021/07/23 12:0 a.m. · 47 views

openSUSE 15 Security Update : MozillaThunderbird (openSUSE-SU-2021:2458-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2458-1 advisory. - If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the...

8.8 CVSS · 7.8 AI score · 0.03582 EPSS
Exploits 1 · References 10

Veracode
added 2021/07/20 3:16 p.m. · 7 views

Injection Vulnerability

thunderbird is vulnerable to injection vulnerability. The vulnerability exists due to the lack of sanitization of input data prior to the completion of the STARTTLS handshake...

5.9 CVSS · 7 AI score · 0.012 EPSS
Exploits 0 · References 4 · Affected Software 5

Mageia
added 2021/07/16 8:25 a.m. · 56 views

Updated thunderbird packages fix security vulnerabilities

IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969). Use-after-free in accessibility features of a document (CVE-2021-29970). Out of bounds write in ANGLE (CVE-2021-30547). Memory safety bugs fixed in Thunderbird 78.12 (CVE-2021-29976)...

8.8 CVSS · 2.2 AI score · 0.03582 EPSS
Exploits 1 · References 3

Tenable Nessus
added 2021/07/16 12:0 a.m. · 32 views

openSUSE 15 Security Update : dovecot23 (openSUSE-SU-2021:2123-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2123-1 advisory. - Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into usi...

7.5 CVSS · 7.2 AI score · 0.02837 EPSS
Exploits 0 · References 7

UbuntuCve
added 2021/07/15 12:0 a.m. · 42 views

CVE-2021-32066

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...

7.4 CVSS · 6.7 AI score · 0.02909 EPSS
Exploits 1 · References 4

OSV
added 2021/07/15 12:0 a.m. · 3 views

UBUNTU-CVE-2021-32066

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...

7.4 CVSS · 6.7 AI score · 0.02909 EPSS
Exploits 1 · References 5

RedhatCVE
added 2021/07/14 1:29 a.m. · 74 views

CVE-2021-29969

If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...

5.9 CVSS · 2.9 AI score · 0.012 EPSS
Exploits 0 · References 3

ArchLinux
added 2021/07/14 12:0 a.m. · 197 views

[ASA-202107-24] ruby2.7: multiple issues

Arch Linux Security Advisory ASA-202107-24
Severity: High
Date: 2021-07-14
CVE-ID: CVE-2021-31810 CVE-2021-32066
Package: ruby2.7
Type: multiple issues
Remote: Yes
Link: https://security.archlinux.org/AVG-2139
Summary: The package ruby2.7...

7.4 CVSS · 1.1 AI score · 0.0305 EPSS
Exploits 2 · References 9

ArchLinux
added 2021/07/14 12:0 a.m. · 222 views

[ASA-202107-25] ruby2.6: multiple issues

Arch Linux Security Advisory ASA-202107-25
Severity: High
Date: 2021-07-14
CVE-ID: CVE-2021-31799 CVE-2021-31810 CVE-2021-32066
Package: ruby2.6
Type: multiple issues
Remote: Yes
Link: https://security.archlinux.org/AVG-2140
Summary: The...

7.4 CVSS · 1.2 AI score · 0.0305 EPSS
Exploits 2 · References 14

Tenable Nessus
added 2021/07/13 12:0 a.m. · 72 views

Mozilla Thunderbird < 78.12

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 78.12. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2021-30 advisory. - An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentiall...

8.8 CVSS · 8.1 AI score · 0.03582 EPSS
Exploits 1 · References 5

Veracode
added 2021/07/10 2:45 p.m. · 40 views

Man In The Middle (MitM)

ruby2.7 is vulnerable to Man In the Middle Attack. An attacker may bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a “StartTLS stripping attack.”...

7.4 CVSS · 2.9 AI score · 0.02909 EPSS
Exploits 1 · References 9 · Affected Software 11

RedhatCVE
added 2021/07/07 9:52 p.m. · 59 views

CVE-2021-32066

Ruby's Net::IMAP module did not raise an exception when receiving an unexpected response to the STARTTLS command and the connection was not upgraded to use TLS. A man-in-the-middle attacker could use this flaw to prevent Ruby applications using Net::IMAP to enable TLS encryption for a connection ...

7.4 CVSS · 1.2 AI score · 0.02909 EPSS
Exploits 1 · References 4

FreeBSD
added 2021/07/07 12:0 a.m. · 57 views

Ruby -- multiple vulnerabilities

Ruby news: This release includes security fixes. Please check the topics below for details.
- CVE-2021-31810: Trusting FTP PASV responses vulnerability in Net::FTP
- CVE-2021-32066: A StartTLS stripping vulnerability in Net::IMAP
- CVE-2021-31799: A command injection vulnerability in RDoc...

7.4 CVSS · 1.4 AI score · 0.0305 EPSS
Exploits 2 · References 6

Rosalinux
added 2021/07/02 4:39 p.m. · 16 views

Advisory ROSA-SA-2021-1831

Software: evolution-data-server 3.28.5
OS: Cobalt 7.9
CVE-ID: CVE-2020-14928
CVE-Crit: MEDIUM
CVE-DESC: From evolution-data-server eds to 3.36.3 there is an issue with STARTTLS buffering that affects SMTP and POP3. When the server sends a "start TLS" response, eds reads additional data and...

5.9 CVSS · 6.8 AI score · 0.02808 EPSS
Exploits 2

OSV
added 2021/06/28 1:15 p.m. · 1 views

DEBIAN-CVE-2021-33515

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address...

4.8 CVSS · 6.9 AI score · 0.02837 EPSS
Exploits 0 · References 1

OSV
added 2021/06/28 1:15 p.m. · 1 views

ALPINE-CVE-2021-33515

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address...

4.8 CVSS · 7.4 AI score · 0.02837 EPSS
Exploits 0 · References 1

NVD
added 2021/06/28 1:15 p.m. · 20 views

CVE-2021-33515

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address...

5.8 CVSS · 0.02837 EPSS
Exploits 0 · References 6