
1063 matches found

Veracode
added 2020/07/28 3:26 a.m., 21 views

CRLF Injection

libetpan is vulnerable to CRLF Injection. Due to STARTTLS buffering issue affecting IMAP, SMTP, and POP3, a man-in-the-middle can inject additional data in "begin TLS" response from the server...

CVSS: 7.4, AI score: 2.3, EPSS: 0.02393
Exploits: 1, References: 10, Affected Software: 2

Gentoo Linux
added 2020/07/28 12:0 a.m., 25 views

Claws Mail: Improper STARTTLS handling

Background: Claws Mail is a GTK based e-mail client. Description: It was discovered that Claws Mail was not properly handling state within the STARTTLS protocol handshake. Impact: There may be a breach of integrity or confidentiality in connections made using Claws Mail with STARTTLS. Workaround: The...

CVSS: 9.8, AI score: 1.4, EPSS: 0.02592
Exploits: 0

Gentoo Linux
added 2020/07/28 12:0 a.m., 32 views

libetpan: Improper STARTTLS handling

Background: libetpan is a portable, efficient middleware for different kinds of mail access. Description: It was discovered that libetpan was not properly handling state within the STARTTLS protocol handshake. Impact: There may be a breach of integrity or confidentiality in connections made using...

CVSS: 7.4, AI score: 1.3, EPSS: 0.02393
Exploits: 1

OSV
added 2020/07/27 7:15 a.m., 26 views

CVE-2020-15953

LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS...

CVSS: 7.4, AI score: 6.6
Exploits: 0, References: 7

NVD
added 2020/07/27 7:15 a.m., 16 views

CVE-2020-15953

LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS...

CVSS: 7.4, AI score: 7.3, EPSS: 0.02393
Exploits: 1, References: 7

UbuntuCve
added 2020/07/27 7:15 a.m., 22 views

CVE-2020-15953

LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS...

CVSS: 7.4, AI score: 7.1, EPSS: 0.02393
Exploits: 1, References: 3

Prion
added 2020/07/27 7:15 a.m., 19 views

Design/Logic Flaw

LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS...

CVSS: 5.8, AI score: 7.2, EPSS: 0.02393
Exploits: 1, References: 7, Affected Software: 4

OSV
added 2020/07/27 7:15 a.m., 0 views

UBUNTU-CVE-2020-15953

LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS...

CVSS: 7.4, AI score: 7.1, EPSS: 0.02393
Exploits: 1, References: 4

Cvelist
added 2020/07/27 6:7 a.m., 20 views

CVE-2020-15953

LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS...

AI score: 7.2, EPSS: 0.02393
Exploits: 1, References: 7

CVE
added 2020/07/27 6:7 a.m., 181 views

CVE-2020-15953

LibEtPan ≤ 1.9.4 (used in MailCore 2 ≤ 0.6.3 and related products) contains a STARTTLS buffering issue that enables response injection during TLS negotiation across IMAP, SMTP, and POP3. The root cause is improper handling when a server responds with begin TLS, causing the client to read extra da...

CVSS: 7.4, AI score: 7.1, EPSS: 0.02393
Exploits: 1, References: 7, Affected Software: 1

AlpineLinux
added 2020/07/27 6:7 a.m., 33 views

CVE-2020-15953

LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS...

CVSS: 7.4, AI score: 7.3, EPSS: 0.02393
Exploits: 1

OSV
added 2020/07/23 7:15 p.m., 4 views

CVE-2020-15917

common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled...

CVSS: 9.8, AI score: 9.3
Exploits: 0, References: 10

OSV
added 2020/07/23 7:15 p.m., 1 views

DEBIAN-CVE-2020-15917

common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled...

CVSS: 9.8, AI score: 8.4, EPSS: 0.02592
Exploits: 0, References: 1

Prion
added 2020/07/23 7:15 p.m., 29 views

Code injection

common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled...

CVSS: 7.5, AI score: 9.3, EPSS: 0.02592
Exploits: 0, References: 10, Affected Software: 4

UbuntuCve
added 2020/07/23 7:15 p.m., 28 views

CVE-2020-15917

common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled...

CVSS: 9.8, AI score: 7.2, EPSS: 0.02592
Exploits: 0, References: 3

Debian CVE
added 2020/07/23 6:6 p.m., 26 views

CVE-2020-15917

common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled...

CVSS: 9.8, AI score: 9.5, EPSS: 0.02592
Exploits: 0

CVE
added 2020/07/23 6:6 p.m., 194 views

CVE-2020-15917

The CVE-2020-15917 issue affects Claws Mail prior to version 3.17.6, where common/session.c mishandles suffix data after STARTTLS, causing a protocol violation. Public records in multiple vendor advisories (openSUSE, Fedora, Mageia) confirm a fix was released: updates to claws-mail that include t...

CVSS: 9.8, AI score: 9.2, EPSS: 0.02592
Exploits: 0, References: 10, Affected Software: 1

OpenVAS
added 2020/07/23 12:0 a.m., 20 views

Ubuntu: Security Advisory (USN-4429-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 5.9, AI score: 6.2, EPSS: 0.02808
Exploits: 1, References: 2

Tenable Nessus
added 2020/07/23 12:0 a.m., 28 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Evolution Data Server vulnerability (USN-4429-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4429-1 advisory. It was discovered that Evolution Data Server incorrectly handled STARTTLS when using SMTP and POP3. A remote attacker could possibly use...

CVSS: 5.9, AI score: 7, EPSS: 0.02808
Exploits: 1, References: 2

Ubuntu
added 2020/07/22 12:3 p.m., 70 views

USN-4429-1: Evolution Data Server vulnerability

It was discovered that Evolution Data Server incorrectly handled STARTTLS when using SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack...

CVSS: 5.9, AI score: 7, EPSS: 0.02808
Exploits: 1