Lucene search
K

109 matches found

Fedora
Fedora
added 2020/08/19 1:2 a.m.27 views

[SECURITY] Fedora 31 Update: libetpan-1.9.3-3.fc31

The purpose of this mail library is to provide a portable, efficient middle -ware for different kinds of mail access. When using the drivers interface, the interface is the same for all kinds of mail access, remote and local mailbo xes...

7.4CVSS5.3AI score0.02393EPSS
Exploits1
Fedora
Fedora
added 2020/08/19 12:52 a.m.28 views

[SECURITY] Fedora 32 Update: libetpan-1.9.4-4.fc32

The purpose of this mail library is to provide a portable, efficient middle -ware for different kinds of mail access. When using the drivers interface, the interface is the same for all kinds of mail access, remote and local mailbo xes...

7.4CVSS5.3AI score0.02393EPSS
Exploits1
OpenVAS
OpenVAS
added 2020/08/19 12:0 a.m.16 views

Fedora: Security Advisory for libetpan (FEDORA-2020-13ae5f7221)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.4CVSS7.5AI score0.02393EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/08/19 12:0 a.m.36 views

Fedora 32 : libetpan (2020-13ae5f7221)

A security flaw was found on libetpan which may allow malicious attacker to inject additional responses or mimic whole sessions. This vulnerability is now assined as CVE-2020-15953. This new rpm should fix this issue. Note that Tenable Network Security has extracted the preceding description bloc...

7.4CVSS7AI score0.02393EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2020/08/19 12:0 a.m.16 views

Fedora: Security Advisory for libetpan (FEDORA-2020-44e52ef729)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.4CVSS7.5AI score0.02393EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/08/19 12:0 a.m.26 views

Fedora 31 : libetpan (2020-44e52ef729)

A security flaw was found on libetpan which may allow malicious attacker to inject additional responses or mimic whole sessions. This vulnerability is now assined as CVE-2020-15953. This new rpm should fix this issue. Note that Tenable Network Security has extracted the preceding description bloc...

7.4CVSS7AI score0.02393EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/08/18 12:0 a.m.23 views

Debian DLA-2329-1 : libetpan security update

In libEtPan, a mail library, a STARTTLS response injection was discovered that affects IMAP, SMTP, and POP3. For Debian 9 stretch, this problem has been fixed in version 1.6-3+deb9u1. We recommend that you upgrade your libetpan packages. For the detailed security status of libetpan please refer t...

7.4CVSS7AI score0.02393EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2020/08/17 12:0 a.m.14 views

Debian: Security Advisory (DLA-2329-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS7.5AI score0.02393EPSS
Exploits1References4
OSV
OSV
added 2020/08/16 12:0 a.m.19 views

DLA-2329-1 libetpan - security update

Bulletin has no description...

7.4CVSS7.2AI score0.02393EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2020/07/30 12:0 a.m.27 views

GLSA-202007-55 : libetpan: Improper STARTTLS handling

The remote host is affected by the vulnerability described in GLSA-202007-55 libetpan: Improper STARTTLS handling It was discovered that libetpan was not properly handling state within the STARTTLS protocol handshake. Impact : There may be a breach of integrity or confidentiality in connections...

7.4CVSS7.2AI score0.02393EPSS
Exploits1References2
Veracode
Veracode
added 2020/07/28 3:26 a.m.22 views

CRLF Injection

libetpan is vulnerable to CRLF Injection. Due to STARTTLS buffering issue affecting IMAP, SMTP, and POP3, a man-in-the-middle can inject additional data in "begin TLS" response from the server...

7.4CVSS2.3AI score0.02393EPSS
Exploits1References10Affected Software2
Gentoo Linux
Gentoo Linux
added 2020/07/28 12:0 a.m.34 views

libetpan: Improper STARTTLS handling

Background libetpan is a portable, efficient middleware for different kinds of mail access. Description It was discovered that libetpan was not properly handling state within the STARTTLS protocol handshake. Impact There may be a breach of integrity or confidentiality in connections made using...

7.4CVSS1.3AI score0.02393EPSS
Exploits1
CNVD
CNVD
added 2020/07/28 12:0 a.m.4 views

LibEtPan Injection Vulnerability

LibEtPan is a library from the developers of Hoà V. DINH software that provides a portable framework for a wide range of mail accesses such as IMAP, SMTP, POP and NNTP. An injection vulnerability exists in LibEtPan 1.9.4 and earlier versions, which can be exploited by an attacker to conduct a...

7.4CVSS7.2AI score0.02393EPSS
Exploits1References1
NVD
NVD
added 2020/07/27 7:15 a.m.19 views

CVE-2020-15953

LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a meddler-in-the-middle attacker and evaluates it in a TLS...

7.4CVSS7.3AI score0.02393EPSS
Exploits1References7
OSV
OSV
added 2020/07/27 7:15 a.m.28 views

CVE-2020-15953

LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a meddler-in-the-middle attacker and evaluates it in a TLS...

7.4CVSS6.6AI score
Exploits0References7
OSV
OSV
added 2020/07/27 7:15 a.m.2 views

DEBIAN-CVE-2020-15953

LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a meddler-in-the-middle attacker and evaluates it in a TLS...

7.4CVSS7.3AI score0.02393EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2020/07/27 7:15 a.m.23 views

CVE-2020-15953

LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a meddler-in-the-middle attacker and evaluates it in a TLS...

7.4CVSS7.1AI score0.02393EPSS
Exploits1References3
Prion
Prion
added 2020/07/27 7:15 a.m.21 views

Design/Logic Flaw

LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a meddler-in-the-middle attacker and evaluates it in a TLS...

5.8CVSS7.2AI score0.02393EPSS
Exploits1References7Affected Software4
OSV
OSV
added 2020/07/27 7:15 a.m.4 views

UBUNTU-CVE-2020-15953

LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a meddler-in-the-middle attacker and evaluates it in a TLS...

7.4CVSS7.1AI score0.02393EPSS
Exploits1References4
CVE
CVE
added 2020/07/27 6:7 a.m.188 views

CVE-2020-15953

LibEtPan ≤ 1.9.4 (used in MailCore 2 ≤ 0.6.3 and related products) contains a STARTTLS buffering issue that enables response injection during TLS negotiation across IMAP, SMTP, and POP3. The root cause is improper handling when a server responds with begin TLS, causing the client to read extra da...

7.4CVSS7.1AI score0.02393EPSS
Exploits1References7Affected Software1
Rows per page
Query Builder