
1063 matches found

Hacker One
added 2021/04/28 4:6 p.m. | 130 views

Ruby: imap: StartTLS stripping attack (CVE-2016-0772).

net/imap does not seem to raise an exception when the remote end imap server fails to respond with taggedresponse NO/BAD or OK to an explicit call of imap.starttls. This may allow a malicious MITM to perform a starttls stripping attack if the client code does not explicitly set usessl = true on...

CVSS 5.8 | AI score 0.1 | EPSS 0.14524
Exploits: 4

Positive Technologies
added 2021/04/28 12:0 a.m. | 4 views

PT-2021-3883

Name of the Vulnerable Software and Affected Versions Ruby versions 2.6.7 and earlier, 2.7.x through 2.7.3, and 3.x through 3.0.1 Description The issue is related to the implementation of the Net::IMAP class in the Ruby interpreter, specifically with errors in the certificate authentication...

CVSS 9.8 | AI score 8.1 | EPSS 0.10715
Exploits: 9 | References: 207

OpenVAS
added 2021/04/19 12:0 a.m. | 15 views

SUSE: Security Advisory (SUSE-SU-2020:1771-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 | AI score 6.1 | EPSS 0.02288
Exploits: 0 | References: 6

OpenVAS
added 2021/04/19 12:0 a.m. | 34 views

SUSE: Security Advisory (SUSE-SU-2016:2859-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 8.3 | EPSS 0.25671
Exploits: 7 | References: 11

OpenVAS
added 2021/04/19 12:0 a.m. | 24 views

SUSE: Security Advisory (SUSE-SU-2016:2106-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 8.3 | EPSS 0.25671
Exploits: 7 | References: 7

OpenVAS
added 2021/04/19 12:0 a.m. | 32 views

SUSE: Security Advisory (SUSE-SU-2016:2653-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 8.3 | EPSS 0.25671
Exploits: 7 | References: 11

OSV
added 2021/04/09 6:15 p.m. | 4 views

CVE-2021-25376

An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation is failed...

CVSS 5.3 | AI score 5.8 | EPSS 0.00786
Exploits: 0 | References: 2

NVD
added 2021/04/09 6:15 p.m. | 12 views

CVE-2021-25376

An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation is failed...

CVSS 5.3 | EPSS 0.00786
Exploits: 0 | References: 2

Prion
added 2021/04/09 6:15 p.m. | 14 views

Input validation

An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation is failed...

CVSS 5 | AI score 5.2 | EPSS 0.00786
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2021/04/09 5:39 p.m. | 62 views

CVE-2021-25376

CVE-2021-25376 affects Samsung Email prior to version 6.1.41.0 due to an improper synchronization logic, which can cause leakage of messages in plaintext in certain mailboxes when STARTTLS negotiation fails. The vulnerability is described in multiple sources as a leak in plaintext under a failed ...

CVSS 5.3 | AI score 5.2 | EPSS 0.00786
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2021/04/09 5:39 p.m. | 19 views

CVE-2021-25376

An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation is failed...

CVSS 3.1 | AI score 5.5 | EPSS 0.00786
Exploits: 0 | References: 2

BDU FSTEC
added 2021/03/30 12:0 a.m. | 4 views

The vulnerability of the evolution-data-server database server, related to insufficient neutralization of special elements in queries, allows attackers to compromise data integrity.

The vulnerability of the evolution-data-server database server is related to a STARTTLS framing error, which can affect SMTP and POP3 protocols. Exploiting this vulnerability allows an attacker to compromise the integrity of data...

CVSS 5.9 | AI score 6.8 | EPSS 0.02808
Exploits: 1 | References: 8 | Affected Software: 5

FreeBSD
added 2021/03/22 12:0 a.m. | 43 views

dovecot -- multiple vulnerabilities

Dovecot team reports: CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens in some configurations. This requires attacker to be able to write files to local disk. CVE-2021-33515: On-path attacker...

CVSS 7.5 | AI score 1.8 | EPSS 0.02837
Exploits: 0 | References: 2

Tenable Nessus
added 2021/02/22 12:0 a.m. | 34 views

EulerOS 2.0 SP2 : mutt (EulerOS-SA-2021-1330)

According to the versions of the mutt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate...

CVSS 5.9 | AI score 6.4 | EPSS 0.02323
Exploits: 0 | References: 5

Tenable Nessus
added 2021/02/22 12:0 a.m. | 30 views

EulerOS 2.0 SP2 : evolution-data-server (EulerOS-SA-2021-1293)

According to the versions of the evolution-data-server packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - evolution-data-server eds through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a 'begin...

CVSS 9.8 | AI score 7.8 | EPSS 0.02808
Exploits: 2 | References: 4

Amazon
added 2021/02/20 12:0 a.m. | 113 views

Important: thunderbird

Issue Overview: The Mozilla Foundation Security Advisory describes these flaws as: During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. CVE-2020-15685 When a HTTPS page was embedded in a HTTP page, and...

CVSS 8.8 | AI score 8.8 | EPSS 0.01569
Exploits: 1

NVD
added 2021/02/17 9:15 p.m. | 9 views

CVE-2021-26911

core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode...

CVSS 7.4 | EPSS 0.0109
Exploits: 1 | References: 6

Prion
added 2021/02/17 9:15 p.m. | 13 views

Code injection

core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode...

CVSS 5.8 | AI score 7.5 | EPSS 0.0109
Exploits: 1 | References: 6 | Affected Software: 2

Ubuntu
added 2021/02/16 4:59 p.m. | 121 views

USN-4736-1: Thunderbird vulnerabilities

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. CVE-2020-26976,...

CVSS 8.8 | AI score 7.7 | EPSS 0.01569
Exploits: 1

RedHat Linux
added 2021/02/03 10:45 a.m. | 1 views

Mozilla: IMAP Response Injection when using STARTTLS

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes that during the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session...

CVSS 8.8 | AI score 7.3 | EPSS 0.00856
Exploits: 1 | References: 5