UBUNTU-CVE-2013-4584
Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssl_outgoing_ciphers not being applied to STARTTLS connections...
CVE-2013-4584
CVE-2013-4584 affects Perdition before 2.2, where an error in handling outbound connections during STARTTLS for IMAP/POP causes ssl_outgoing_ciphers not to be applied. This results in weaker security for outbound connections; the literature does not provide exploit vectors, affected versions beyond
CVE-2013-4584
Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssl_outgoing_ciphers not being applied to STARTTLS connections...
PT-2019-6954 · None · Perdition
Name of the Vulnerable Software and Affected Versions: Perdition versions prior to 2.2. Description: The issue is related to weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. Specifically, ssl_outgoing_ciphers is not being applied to STARTTLS...
Puppet Enterprise 2016.x < 2016.4.15 / 2017.x < 2017.3.10 / 2018.x < 2018.1.4 Plaintext Credential Vulnerability
A plaintext credential vulnerability exists when users are configured to use startTLS with Role-Based Access Control (RBAC) Lightweight Directory Access Protocol (LDAP). An unauthenticated, remote attacker can exploit this to bypass authentication to see the users' credentials in plaintext...
EulerOS Virtualization 3.0.1.0 : python (EulerOS-SA-2019-1434)
According to the versions of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttl...
openssl security update
1.0.2k-16.0.1.el76.1 - Bump release for rebuild. 1.0.2k-16.1 - use SHA-256 in FIPS RSA pairwise key check - fix CVE-2018-5407 - EC signature local timing side-channel key extraction 1.0.2k-16 - fix CVE-2018-0495 - ROHNP - Key Extraction Side Channel on DSA, ECDSA - fix incorrect error message on...
VMWare STARTTLS Support
The remote VMWare server supports the use of encryption initiated during pre-login to switch from a cleartext to an encrypted communications channel. TRUSTED...
SSL/TLS: IMAP Missing Support For STARTTLS
The remote IMAP server does not support the...
Input validation
An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/activedirectory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/activedirectory/ActiveDirectorySecurityRealm.java,...
CVE-2019-1003009
An improper certificate validation vulnerability exists in Jenkins Active Directory Plugin 2.10 and earlier in src/main/java/hudson/plugins/activedirectory/ActiveDirectoryDomain.java, src/main/java/hudson/plugins/activedirectory/ActiveDirectorySecurityRealm.java,...
PT-2019-11307 · Jenkins · Jenkins Active Directory Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Active Directory Plugin versions 2.10 and earlier. Description: An issue exists in the improper validation of certificates, allowing attackers to impersonate the Active Directory server that Jenkins connects to for authentication when...
SUSE SLES12 Security Update : python (SUSE-SU-2019:0223-1) (httpoxy)
This update for python fixes the following issues: Security issues fixed: CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack bsc984751; CVE-2016-5636: heap overflow when importing malformed zip files bsc985177; CVE-2016-5699: incorrect validation of HTTP headers allow header...
SMTP Unencrypted Cleartext Login
The remote host is running an SMTP server that allows cleartext logins over unencrypted connections.
Moderate: Red Hat Security Advisory: 389-ds-base security and bug fix update
An update for 389-ds-base is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
PostgreSQL STARTTLS Support
The remote PostgreSQL server supports the use of encryption initiated during pre-login to switch from a cleartext to an encrypted communications channel. TRUSTED...
GHSA-H5F5-RJ4R-42F6 Incorrect access control in Neo4j Enterprise Database Server via LDAP authentication
Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password...