Lucene search
+L

61 matches found

prion
prion
added 2014/10/08 1:55 a.m.15 views

Design/Logic Flaw

The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name CN field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certifica...

5.8CVSS6.2AI score0.00837EPSS
Exploits0References5Affected Software1
prion
prion
added 2014/10/08 1:55 a.m.16 views

Information disclosure

The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate...

6.8CVSS6.2AI score0.00928EPSS
Exploits0References5Affected Software1
ubuntucve
ubuntucve
added 2014/10/08 1:55 a.m.17 views

CVE-2014-7275

The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate...

5.8CVSS5.9AI score0.00833EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2014/10/08 1:55 a.m.20 views

CVE-2014-7274

The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name CN field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certifica...

5.8CVSS5.8AI score0.00837EPSS
Exploits0References3
prion
prion
added 2014/10/08 1:55 a.m.16 views

Information disclosure

The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate...

5.8CVSS6.2AI score0.00833EPSS
Exploits0References5Affected Software1
cvelist
cvelist
added 2014/10/08 1:0 a.m.29 views

CVE-2014-7275

The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain sensitive information via a crafted certificate...

5.5AI score0.00833EPSS
Exploits0References5
cvelist
cvelist
added 2014/10/08 1:0 a.m.27 views

CVE-2014-7273

The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain sensitive information via a crafted certificate...

5.5AI score0.00928EPSS
Exploits0References5
cve
cve
added 2014/10/08 1:0 a.m.59 views

CVE-2014-7275

CVE-2014-7275 affects getmail 4.0.0–4.44.0, where POP3-over-SSL does not verify X.509 certificates from SSL servers, enabling MITM with crafted certificates to spoof POP3 servers and obtain sensitive data. Debian and other advisories note upgrades to 4.46.0 (e.g., 4.46.0-1~deb6u1) as the fix; Ope...

5.8CVSS5.6AI score0.00833EPSS
Exploits0References5Affected Software1
cve
cve
added 2014/10/08 1:0 a.m.69 views

CVE-2014-7274

The CVE-2014-7274 issue affects getmail’s IMAP-over-SSL in version 4.44.0, where the client does not verify that the server’s hostname matches the CN in the X.509 certificate. This enables man-in-the-middle attacks to spoof IMAP servers and obtain sensitive data via a crafted certificate from a C...

5.8CVSS5.6AI score0.00837EPSS
Exploits0References5Affected Software1
debiancve
debiancve
added 2014/10/08 1:0 a.m.40 views

CVE-2014-7275

Removed by vendor...

5.8CVSS6.7AI score0.00833EPSS
Exploits0
debiancve
debiancve
added 2014/10/08 1:0 a.m.41 views

CVE-2014-7274

Removed by vendor...

5.8CVSS6.7AI score0.00837EPSS
Exploits0
debiancve
debiancve
added 2014/10/08 1:0 a.m.40 views

CVE-2014-7273

Removed by vendor...

6.8CVSS6.7AI score0.00928EPSS
Exploits0
cve
cve
added 2014/10/08 1:0 a.m.68 views

CVE-2014-7273

CVE-2014-7273 affects getmail up to version 4.43.0, where IMAP-over-SSL does not verify X.509 certificates, enabling MITM attacks and potential disclosure of sensitive data. Remediation: upgrade to getmail 4.46.0 (or newer, e.g., 4.46.0-1/4.46.0-1~deb6u1 per Debian) where the issue is fixed. Rela...

6.8CVSS5.6AI score0.00928EPSS
Exploits0References5Affected Software1
openvas
openvas
added 2012/09/11 12:0 a.m.21 views

Slackware Advisory SSA:2004-278-01 getmail

The remote host is missing an update as announced via advisory SSA:2004-278-01. OpenVAS Vulnerability Test $Id: esoftslkssa200427801.nasl 6598 2017-07-07 09:36:44Z cfischer $ Description: Auto-generated from the corresponding slackware advisory Authors: Thomas Reinke Copyright: Copyright c 2012...

2.1CVSS0.1AI score0.00392EPSS
Exploits0
openvas
openvas
added 2012/09/10 12:0 a.m.26 views

Slackware: Security Advisory (SSA:2004-278-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

2.1CVSS6.5AI score0.00392EPSS
Exploits0References2
nessus
nessus
added 2009/04/23 12:0 a.m.21 views

FreeBSD : getmail -- symlink vulnerability during maildir delivery (8c33b299-163b-11d9-ac1b-000d614f7fad)

David Watson reports a symlink vulnerability in getmail. If run as root not the recommended mode of operation, a local user may be able to cause getmail to write files in arbitrary directories via a symlink attack on subdirectories of the maildir. %NASLMINLEVEL 70300 C Tenable Network Security,...

2.1CVSS5.6AI score0.00392EPSS
Exploits0References3
openvas
openvas
added 2008/09/24 12:0 a.m.23 views

Gentoo Security Advisory GLSA 200409-32 (getmail)

The remote host is missing updates announced in advisory GLSA 200409-32. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

2.1CVSS0.5AI score0.00392EPSS
Exploits0
openvas
openvas
added 2008/09/24 12:0 a.m.21 views

Gentoo Security Advisory GLSA 200409-32 (getmail)

The remote host is missing updates announced in advisory GLSA 200409-32. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

2.1CVSS6.7AI score0.00392EPSS
Exploits0References4
openvas
openvas
added 2008/09/04 12:0 a.m.26 views

FreeBSD Ports: getmail

The remote host is missing an update to the system as announced in the referenced advisory. VID 8c33b299-163b-11d9-ac1b-000d614f7fad OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

2.1CVSS6.3AI score0.00392EPSS
Exploits0
openvas
openvas
added 2008/09/04 12:0 a.m.17 views

FreeBSD Ports: getmail

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

2.1CVSS6.6AI score0.00392EPSS
Exploits0References3
Rows per page
Query Builder