
21 matches found

Fedora
added 2023/12/27 3:17 a.m. · 20 views

[SECURITY] Fedora 38 Update: minizip-ng-3.0.7-4.fc38

Minizip-ng zlib-ng contribution that includes: AES encryption, I/O buffering, PKWARE disk splitting. It also has the latest bug fixes that have been found all over the internet...

CVSS 8.8 · AI score 8.8 · EPSS 0.00125
Exploits: 1

Fedora
added 2023/12/27 1:30 a.m. · 20 views

[SECURITY] Fedora 39 Update: minizip-ng-3.0.7-5.fc39

Minizip-ng zlib-ng contribution that includes: AES encryption, I/O buffering, PKWARE disk splitting. It also has the latest bug fixes that have been found all over the internet...

CVSS 8.8 · AI score 8.8 · EPSS 0.00125
Exploits: 1

F5 Networks
added 2023/02/21 7:26 p.m. · 33 views

K23284054: The BIG-IP SMTPS virtual server may fail to properly restrict I/O buffering, allowing attackers to insert commands into encrypted SMTP sessions

Security Advisory Description: This issue occurs when the following condition is met: A virtual server is configured with a Client SSL profile and an SMTPS profile that has the STARTTLS Activation Mode setting enabled (Allow or Require) for processing SMTPS traffic. Impact: When system receives these SMTP...

AI score 7
Exploits: 0

Tenable Nessus
added 2021/06/11 12:0 a.m. · 28 views

SAP NetWeaver AS ABAP Command Injection (June 2021)

A command injection vulnerability exists in SAP NetWeaver AS ABAP due to improperly restricting I/O buffering. An unauthenticated, remote attacker can exploit this to insert cleartext commands into encrypted SMTP sessions over the network which can partially impact the integrity of the...

CVSS 5.8 · AI score 6.7 · EPSS 0.00189
Exploits: 0 · References: 3

NVD
added 2021/06/09 2:15 p.m. · 13 views

CVE-2021-33663

SAP NetWeaver AS ABAP, versions - KRNL32NUC - 7.22,7.22EXT, KRNL32UC - 7.22,7.22EXT, KRNL64NUC - 7.22,7.22EXT,7.49, KRNL64UC - 8.04,7.22,7.22EXT,7.49,7.53,7.73, KERNEL - 7.22,8.04,7.49,7.53,7.73,7.77,7.81,7.82,7.83,7.84, allows an unauthorized attacker to insert cleartext commands due to improper...

CVSS 5.8 · EPSS 0.00189
Exploits: 0 · References: 2

Positive Technologies
added 2021/06/09 12:0 a.m. · 3 views

PT-2021-20241 · SAP · SAP NetWeaver AS ABAP

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS ABAP versions 7.22 through 7.84 Description: The issue allows an unauthorized attacker to insert cleartext commands into encrypted SMTP sessions over the network due to improper restriction of I/O buffering. This can partiall...

CVSS 5.8 · AI score 5.3 · EPSS 0.00189
Exploits: 0 · References: 3

OpenVAS
added 2011/08/03 12:0 a.m. · 15 views

Debian: Security Advisory (DSA-2242-1)

The remote host is missing an update for the Debian...

CVSS 5.1 · AI score 6.4 · EPSS 0.04867
Exploits: 0 · References: 3

Tenable Nessus
added 2011/06/13 12:0 a.m. · 28 views

Debian DSA-2258-1 : kolab-cyrus-imapd - implementation error

It was discovered that the STARTTLS implementation of the Kolab Cyrus IMAP server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted IMAP, LMTP, NNTP and POP3 sessions by sending a cleartext command that is processed after TLS is i...

CVSS 5.1 · AI score 5.4 · EPSS 0.04867
Exploits: 0 · References: 4

OSV
added 2011/06/11 12:0 a.m. · 14 views

DSA-2258-1 kolab-cyrus-imapd - implementation error

Bulletin has no description...

CVSS 5.1 · AI score 6.3 · EPSS 0.04867
Exploits: 0

Tenable Nessus
added 2011/05/25 12:0 a.m. · 31 views

Mandriva Linux Security Advisory : cyrus-imapd (MDVSA-2011:100)

A vulnerability has been identified and fixed in cyrus-imapd : The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is process...

CVSS 5.1 · AI score 8 · EPSS 0.04867
Exploits: 0 · References: 1

OSV
added 2011/05/25 12:0 a.m. · 14 views

DSA-2242-1 cyrus-imapd-2.2 - implementation error

Bulletin has no description...

CVSS 5.1 · AI score 6.3 · EPSS 0.04867
Exploits: 0

NVD
added 2011/05/23 10:55 p.m. · 25 views

CVE-2011-1926

The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command...

CVSS 5.1 · AI score 6.5 · EPSS 0.04867
Exploits: 0 · References: 20

OSV
added 2011/05/23 10:55 p.m. · 8 views

CVE-2011-1575

The STARTTLS implementation in ftpparser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext...

AI score 6.6
Exploits: 0 · References: 14

NVD
added 2011/05/23 10:55 p.m. · 26 views

CVE-2011-2165

The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command...

CVSS 6.8 · AI score 6.6 · EPSS 0.06626
Exploits: 0 · References: 5

UbuntuCve
added 2011/05/23 10:55 p.m. · 32 views

CVE-2011-1926

The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command...

CVSS 5.1 · AI score 5.9 · EPSS 0.04867
Exploits: 0 · References: 1

CVE
added 2011/05/23 10:0 p.m. · 119 views

CVE-2011-1926

CVE-2011-1926 affects Cyrus IMAP Server prior to 2.4.7 where the STARTTLS I/O buffering is not properly restricted. This allows a man-in-the-middle to inject cleartext commands into an encrypted session, enabling a plaintext command injection (related to CVE-2011-0411). Remediation: upgrade to Cy...

CVSS 5.1 · AI score 6.8 · EPSS 0.04867
Exploits: 0 · References: 20 · Affected Software: 1

NVD
added 2011/03/22 5:55 p.m. · 29 views

CVE-2011-1506

The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and MailServer 6.x does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a...

CVSS 6.8 · AI score 6.6 · EPSS 0.04986
Exploits: 0 · References: 6

NVD
added 2011/03/16 10:55 p.m. · 24 views

CVE-2011-1431

The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TL...

CVSS 6.8 · AI score 6.6 · EPSS 0.06675
Exploits: 1 · References: 9

Prion
added 2011/03/16 10:55 p.m. · 32 views

Command injection

The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TL...

CVSS 6.8 · AI score 6.8 · EPSS 0.32222
Exploits: 2 · References: 9 · Affected Software: 1

CVE
added 2011/03/16 10:0 p.m. · 76 views

CVE-2011-1431

The CVE concerns STARTTLS in qmail-smtpd.c within qmail-smtpd (netqmail-1.06-tls patch for netqmail 1.06). The root cause is incomplete I/O buffering restrictions, enabling MITM attackers to insert a plaintext command after TLS is established in encrypted SMTP sessions (plaintext command injectio...

CVSS 6.8 · AI score 6.7 · EPSS 0.06675
Exploits: 1 · References: 9 · Affected Software: 1