1063 matches found
Command injection
Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS...
CVE-2014-8563
CVE-2014-8563 affects Synacor Zimbra Collaboration Suite before version 8.0.9. The vulnerability is described as plaintext command injection during STARTTLS, stemming from input data not properly filtered when constructing OS-executable commands. Several connected sources reiterate that versions ...
Huawei EulerOS: Security Advisory for python (EulerOS-SA-2016-1036)
The remote host is missing an update for the Huawei EulerOS...
CVE-2012-0070
spamdyke prior to 4.2.1: STARTTLS reveals plaintext...
Code injection
spamdyke prior to 4.2.1: STARTTLS reveals plaintext...
CVE-2012-0070
CVE-2012-0070 concerns spamdyke prior to 4.2.1, where the TLS upgrade path after STARTTLS does not properly clear transport buffers, allowing insertion of arbitrary plaintext during the plaintext phase (e.g., SMTP commands). The vulnerability is triggered during the plaintext-to-TLS transition an...
Dovecot 2.0.x < 2.0.16 Man In The Middle Vulnerability
Dovecot is prone to a man-in-the-middle vulnerability.
CVE-2019-14910
A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server ldaps, in this case user authentication succeeds even if invalid password has entered...
Authentication flaw
A vulnerability was found in keycloak 7.x, when keycloak is configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server ldaps, in this case user authentication succeeds even if invalid password has entered...
CVE-2019-14910
CVE-2019-14910 affects Keycloak 7.x when LDAP user federation uses StartTLS instead of LDAPS. The documented flaw allows authentication to succeed with an invalid password due to errors in the authentication procedure, enabling potential unauthorized access. Reported by multiple sources (Red Hat ...
PT-2019-4632 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak versions 7.x Description: A vulnerability was found in Keycloak when configured with LDAP user federation and StartTLS is used instead of SSL/TLS from the LDAP server, allowing user authentication to succeed even with an invalid...
CVE-2019-14910
A flaw was found in keycloak 7.x where an invalid password is accepted for user authentication when LDAP user federation and STARTTLS is used instead of SSL/TLS from the LDAP server. This can allow an attacker to log into a system using any entry for a password authentication and still gain acces...
CVE-2013-4584
Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssl_outgoing_ciphers not being applied to STARTTLS connections...
Code injection
Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssl_outgoing_ciphers not being applied to STARTTLS connections...