Trustwave MailMarshal Operating System Command Injection Vulnerability
Trustwave MailMarshal is a suite of email security gateway products from Trustwave, Inc. An operating system command injection vulnerability exists in the STARTTLS implementation in Trustwave MailMarshal versions prior to 7.2. An attacker could exploit this vulnerability to execute arbitrary...
MGASA-2020-0366 Updated libetpan packages fix a security vulnerability
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS...
Updated libetpan packages fix a security vulnerability
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS...
Updated mutt packages fix security vulnerabilities
A potential IMAP Man-in-the-Middle attack via a PREAUTH response (CVE-2020-14093). Mutt was ignoring an expired certificate and was proceeding with a connection (CVE-2020-14154). A response injection due to a STARTTLS buffering issue which was affecting IMAP, SMTP, and POP3 (CVE-2020-14954)...
MGASA-2020-0351 Updated evolution-data-server packages fix security vulnerabilities
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection" (CVE-2020-14928). In GNOME evolution-data-server before 3.35.91, a...
OPENSUSE-SU-2020:1269-1 Security update for claws-mail
This update for claws-mail fixes the following issues: - CVE-2020-15917: Fixed an improper handling of suffix data after STARTTLS is mishandled (boo#1174457). This update was imported from the openSUSE:Leap:15.1:Update update project...
Security update for claws-mail (moderate)
openSUSE Security Update: Security update for claws-mail Announcement ID: openSUSE-SU-2020:1269-1 Rating: moderate References: 1174457 Cross-References: CVE-2020-15917 Affected Products: openSUSE Backports SLE-15-SP1 An update that fixes one vulnerability is now available. Description: This updat...
Mutt < 1.14.4 MITM Vulnerability
Mutt is prone to a man-in-the-middle (MITM) response injection vulnerability...
MGASA-2020-0321 Updated claws-mail packages fix security vulnerability
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled (CVE-2020-15917)...
Updated claws-mail packages fix security vulnerability
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled (CVE-2020-15917)...
Debian DLA-2329-1 : libetpan security update
In libEtPan, a mail library, a STARTTLS response injection was discovered that affects IMAP, SMTP, and POP3. For Debian 9 "stretch", this problem has been fixed in version 1.6-3+deb9u1. We recommend that you upgrade your libetpan packages. For the detailed security status of libetpan please refer t...
Debian: Security Advisory (DLA-2329-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 2329-1] libetpan security update
Debian LTS Advisory DLA-2329-1 https://www.debian.org/lts/security/ August 16, 2020 https://wiki.debian.org/LTS Package...
OPENSUSE-SU-2020:1139-1 Security update for claws-mail
This update for claws-mail fixes the following issues: - Update to 3.17.6: It is now possible to 'Inherit Folder properties and processing rules from parent folder' when creating new folders with the move message and copy message dialogues. A Phishing warning is now shown when copying a phishing...
openSUSE Security Update : claws-mail (openSUSE-2020-1116)
This update for claws-mail fixes the following issues: - CVE-2020-15917: Fixed an improper handling of suffix data after STARTTLS is mishandled (boo#1174457). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...
Security update for claws-mail (moderate)
openSUSE Security Update: Security update for claws-mail Announcement ID: openSUSE-SU-2020:1139-1 Rating: moderate References: 1174457 Cross-References: CVE-2020-15917 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for...
OPENSUSE-SU-2020:1116-1 Security update for claws-mail
This update for claws-mail fixes the following issues: - CVE-2020-15917: Fixed an improper handling of suffix data after STARTTLS is mishandled (boo#1174457)...
Security update for claws-mail (moderate)
openSUSE Security Update: Security update for claws-mail Announcement ID: openSUSE-SU-2020:1116-1 Rating: moderate References: 1174457 Cross-References: CVE-2020-15917 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for...
GLSA-202007-56 : Claws Mail: Improper STARTTLS handling
The remote host is affected by the vulnerability described in GLSA-202007-56 Claws Mail: Improper STARTTLS handling It was discovered that Claws Mail was not properly handling state within the STARTTLS protocol handshake. Impact : There may be a breach of integrity or confidentiality in connectio...
GLSA-202007-55 : libetpan: Improper STARTTLS handling
The remote host is affected by the vulnerability described in GLSA-202007-55 libetpan: Improper STARTTLS handling It was discovered that libetpan was not properly handling state within the STARTTLS protocol handshake. Impact : There may be a breach of integrity or confidentiality in connections...