40 matches found
EUVD-2024-0215
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-27305
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel...
Linux Distros Unpatched Vulnerability : CVE-2024-34083
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted comman...
openSUSE 15 Security Update : python-aiosmtpd (openSUSE-SU-2024:0243-1)
The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0243-1 advisory. - CVE-2024-34083: Fixed MiTM attack could inject extra unencrypted commands after STARTTLS boo1224467 - CVE-2024-27305: Fixed SMTP smuggling...
OPENSUSE-SU-2024:0243-1 Security update for python-aiosmtpd
This update for python-aiosmtpd fixes the following issues: - CVE-2024-34083: Fixed MiTM attack could inject extra unencrypted commands after STARTTLS boo1224467 - CVE-2024-27305: Fixed SMTP smuggling boo1221328...
Security update for python-aiosmtpd (important)
openSUSE Security Update: Security update for python-aiosmtpd Announcement ID: openSUSE-SU-2024:0243-1 Rating: important References: 1221328 1224467 Cross-References: CVE-2024-27305 CVE-2024-34083 Affected Products: openSUSE Backports SLE-15-SP5 An update that fixes two vulnerabilities is now...
OPENSUSE-SU-2024:13774-1 python310-aiosmtpd-1.4.5-2.1 on GA media
These are all security issues fixed in the python310-aiosmtpd-1.4.5-2.1 package on the GA media of openSUSE Tumbleweed...
OESA-2024-1696 python-aiosmtpd security update
This is a server for SMTP and related protocols, similar in utility to the standard library's smtpd.py module, but rewritten to be based on asyncio for Python 3. Security Fixes: aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on...
OESA-2024-1695 python-aiosmtpd security update
This is a server for SMTP and related protocols, similar in utility to the standard library's smtpd.py module, but rewritten to be based on asyncio for Python 3. Security Fixes: aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on...
Man-in-the-Middle (MITM)
aiosmtpd is vulnerable to Man-in-the-Middle (MitM). The vulnerability is due to accepting unencrypted commands after the STARTTLS protocol command, which allows unencrypted commands to be accepted and treated as if they were encrypted. An attacker can exploit this flaw to perform a Man-in-the-Midd...
SUSE CVE-2024-34083
aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle...
aiosmtpd STARTTLS unencrypted commands injection
Summary Servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a MitM attack. References NO STARTTLS: Similar vulnerabilities discovered by previous researchers...
GHSA-WGJV-9J3Q-JHG8 aiosmtpd STARTTLS unencrypted commands injection
Summary Servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a MitM attack. References NO STARTTLS: Similar vulnerabilities discovered by previous researchers...
azure-smtp-relay (>=1.0.0 <=1.0.7), mailrise (>=1.3.0 <=1.4.0) +4 more potentially affected by CVE-2024-34083 via aiosmtpd (>=1.2.0 <=1.4.5)
aiosmtpd PYPI version =1.2.0, =1.0.0, =1.3.0, =0.0.1, =0.2.5, =0.3.3 - yades-smtp =0.1.0 Source cves: CVE-2024-34083 Source advisory: OSV:GHSA-WGJV-9J3Q-JHG8...
CVE-2024-34083
aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle...
CVE-2024-34083 STARTTLS unencrypted commands injection
aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle...
CVE-2024-34083
CVE-2024-34083 affects aiosmtpd (Python SMTP server) prior to 1.4.6. The issue allows a MITM-style scenario where servers accept extra unencrypted commands after STARTTLS, as if from inside the encrypted channel. The vulnerability is mitigated by upgrading to aiosmtpd 1.4.6, which includes a patc...
PT-2024-25694 · Aiosmtpd · Aiosmtpd
Name of the Vulnerable Software and Affected Versions: aiosmtpd versions prior to 1.4.6 Description: The issue concerns servers based on aiosmtpd, which accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by...
aiosmtpd security vulnerability
aiosmtpd is an asyncio-based SMTP server. A security vulnerability exists in aiosmtpd versions prior to 1.4.6, which stems from the presence of STARTTLS unencrypted command injection...