1063 matches found
CentOS 8 : evolution (CESA-2020:4649)
The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:4649 advisory. - evolution-data-server: Response injection via STARTTLS in SMTP and POP3 (CVE-2020-14928). Note that Nessus has not tested for this issue but has instead relied...
Remote Code Execution (RCE)
thunderbird is vulnerable to remote code execution. During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session...
CVE-2020-15685
A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes that during the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session...
Oracle Linux 7 : thunderbird (ELSA-2021-0297)
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-0297 advisory. 78.7.0-1.0.1: Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js; 78.7.0-1: Update to 78.7.0. Tenable has extracted...
Enhancing Email Security with MTA-STS and SMTP TLS Reporting
In 1982, when SMTP was first specified, it did not contain any mechanism for providing security at the transport level to secure communications between mail transfer agents. Later, in 1999, the STARTTLS command was added to SMTP that in turn supported the encryption of emails in between the...
CVE-2020-15685
During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird 78.7...
UBUNTU-CVE-2020-15685
During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird 78.7...
SUSE SLES15 Security Update : java-1_8_0-openjdk (SUSE-SU-2020:3591-1)
This update for java-1_8_0-openjdk fixes the following issues: Update to version jdk8u275 icedtea 3.17.1 - JDK-8214440, bsc1179441: Fix StartTLS functionality that was broken in openjdk272. bsc1179441 - JDK-8223940: Private key not supported by chosen signature algorithm - JDK-8236512: PKCS11...
openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2020-2188)
This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u275 icedtea 3.17.1 - JDK-8214440, bsc1179441: Fix StartTLS functionality that was broken in openjdk272. bsc1179441 - JDK-8223940: Private key not supported by chosen signature algorithm - JDK-8236512: PKCS11...
OPENSUSE-SU-2020:2188-1 Security update for java-1_8_0-openjdk
This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u275 icedtea 3.17.1 - JDK-8214440, bsc1179441: Fix StartTLS functionality that was broken in openjdk272. bsc1179441 - JDK-8223940: Private key not supported by chosen signature algorithm - JDK-8236512: PKCS11 Connectio...
openSUSE Security Update : java-1_8_0-openjdk (openSUSE-2020-2170)
This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u275 icedtea 3.17.1 - JDK-8214440, bsc1179441: Fix StartTLS functionality that was broken in openjdk272. bsc1179441 - JDK-8223940: Private key not supported by chosen signature algorithm - JDK-8236512: PKCS11...
OPENSUSE-SU-2020:2170-1 Security update for java-1_8_0-openjdk
This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u275 icedtea 3.17.1 - JDK-8214440, bsc1179441: Fix StartTLS functionality that was broken in openjdk272. bsc1179441 - JDK-8223940: Private key not supported by chosen signature algorithm - JDK-8236512: PKCS11 Connectio...
SUSE-SU-2020:3591-1 Security update for java-1_8_0-openjdk
This update for java-1_8_0-openjdk fixes the following issues: - Update to version jdk8u275 icedtea 3.17.1 - JDK-8214440, bsc1179441: Fix StartTLS functionality that was broken in openjdk272. bsc1179441 - JDK-8223940: Private key not supported by chosen signature algorithm - JDK-8236512: PKCS11 Connectio...
TLS Response Injection
evolution-data-server is vulnerable to TLS response injection. When a server sends a 'begin TLS' response, eds reads additional data and evaluates it in a TLS context, aka "response injection" causing a STARTTLS buffering issue that affects SMTP and POP3...
evolution-data-server: Response injection via STARTTLS in SMTP and POP3
evolution-data-server eds through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."...
EulerOS 2.0 SP5 : mutt (EulerOS-SA-2020-2258)
According to the versions of the mutt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. (CVE-2020-14093) - Mutt before 1.14.4 and NeoMutt befo...
USN-4598-1: LibEtPan vulnerability
It was discovered that LibEtPan incorrectly handled STARTTLS when using IMAP, SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack. CVE-2020-15953...
Huawei EulerOS: Security Advisory for mutt (EulerOS-SA-2020-2109)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP3 : mutt (EulerOS-SA-2020-2109)
According to the versions of the mutt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. (CVE-2020-14093) - Mutt before 1.14.4 and NeoMutt befo...
TLS Response Injection
Mutt is vulnerable to TLS response injection. A STARTTLS buffering issue affects IMAP, SMTP, and POP3: when a server sends a "begin TLS" response, the client reads additional data (e.g., from a man-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection"...