Lucene search
+L

170 matches found

OSV
OSV
added 2020/08/26 4:15 p.m.5 views

UBUNTU-CVE-2020-24661

GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services using invalid TLS certificates e.g., self-signed certificates when the client system is not configured to use a system-provided PKCS11 store. This allows a meddler in the middle to present a...

5.9CVSS6.3AI score0.00922EPSS
Exploits1References4
BDU FSTEC
BDU FSTEC
added 2020/08/19 12:0 a.m.9 views

The vulnerability of AJAX-based IMAP servers like Roundcube lies in the lack of protection for website structure, allowing attackers to compromise data integrity.

The vulnerability of AJAX-based IMAP servers like Roundcube is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows an attacker to compromise the integrity of data...

4.7CVSS6.9AI score0.02782EPSS
Exploits1References4Affected Software2
OSV
OSV
added 2020/07/29 6:15 p.m.7 views

DEBIAN-CVE-2020-16118

In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imapmboxconnect in libbalsa/imap/imap-handle.c...

7.5CVSS7.3AI score0.0205EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2020/06/22 9:41 a.m.4 views

Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage

The Mozilla Foundation Security Advisory describes this flaw as: If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection...

7.5CVSS7.3AI score0.00976EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/06/22 8:55 a.m.3 views

Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage

The Mozilla Foundation Security Advisory describes this flaw as: If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection...

7.5CVSS7.3AI score0.00976EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/06/19 1:55 a.m.6 views

Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage

The Mozilla Foundation Security Advisory describes this flaw as: If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection...

7.5CVSS7.3AI score0.00976EPSS
Exploits0References5
CNVD
CNVD
added 2020/06/08 12:0 a.m.2 views

Mozilla Thunderbird Information Disclosure Vulnerability (CNVD-2020-41069)

Mozilla Thunderbird is the United States Mozilla Foundation's set of independent from the Mozilla Application Suite e-mail client software. The program supports IMAP, POP mail protocols and HTML mail format. A security vulnerability exists in Mozilla Thunderbird versions prior to 68.9.0, which...

7.5CVSS8.7AI score0.00976EPSS
Exploits0References1
OSV
OSV
added 2020/03/16 4:15 p.m.6 views

CVE-2020-6980

Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, RSLogix 500 Software v12.001 and prior, If Simple Mail Transfer Protocol SMTP account data is saved in RSLogix 500, a local attacker with access to a...

3.3CVSS5.8AI score0.00415EPSS
Exploits0References1
CNVD
CNVD
added 2019/12/18 12:0 a.m.2 views

Cyrus IMAP Elevation of Privilege Vulnerability

Cyrus IMAP is a Unix and Linux-based operating system for supporting IMAP Interactive Mail Access Protocol protocol open source mail server . A security vulnerability exists in Cyrus IMAP versions prior to 2.5.15, 3.0.x prior to 3.0.13, and 3.1.x through 3.1.8. An attacker can exploit the...

6.5CVSS6.9AI score0.01655EPSS
Exploits0References1
OSV
OSV
added 2019/11/15 4:15 a.m.5 views

DEBIAN-CVE-2019-18928

Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection...

9.8CVSS8.2AI score0.02392EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2018/11/13 8:36 a.m.22 views

curl: IMAP FETCH response out of bounds read

A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application...

9.1CVSS7.4AI score0.06224EPSS
Exploits0References5
CNVD
CNVD
added 2018/11/06 12:0 a.m.5 views

Suricata Denial of Service Vulnerability (CNVD-2019-34757)

Suricata is a high-performance network intrusion detection IDS, intrusion prevention IPS and network security monitoring multi-threaded engine. A denial of service vulnerability exists in the ProcessMimeEntity function in util-decode-mime.c in Suricata. A remote attacker can exploit this...

7.5CVSS6.9AI score0.02794EPSS
Exploits0References1
OSV
OSV
added 2018/07/17 5:29 p.m.5 views

ALPINE-CVE-2018-14351

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size...

9.8CVSS7AI score0.03166EPSS
Exploits0References1
OSV
OSV
added 2018/07/17 12:0 a.m.3 views

UBUNTU-CVE-2018-14351

An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size...

9.8CVSS7.2AI score0.03166EPSS
Exploits0References9
CNVD
CNVD
added 2018/05/03 12:0 a.m.5 views

Roundcube Command Injection Vulnerability

RoundCube is a browser-based, multi-language IMAP client. A command injection vulnerability exists in RoundCube versions 1.2.0 through 1.3.5, which allows remote attackers to inject arbitrary IMAP commands and perform malicious actions due to a failure of the archive plugin to properly handle use...

8.8CVSS7.9AI score0.02289EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2017/12/14 11:34 a.m.7 views

golang: smtp.PlainAuth susceptible to man-in-the-middle password harvesting

It was found that smtp.PlainAuth authentication scheme in Go did not verify the TLS requirement properly. A remote man-in-the-middle attacker could potentially use this flaw to sniff SMTP credentials sent by a Go application...

5.9CVSS7.4AI score0.01105EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2017/11/27 2:51 p.m.5 views

curl: IMAP FETCH response out of bounds read

A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application...

9.1CVSS7.4AI score0.06224EPSS
Exploits0References5
OSV
OSV
added 2017/08/08 3:29 p.m.3 views

CVE-2017-10208

Vulnerability in the Oracle Hospitality e7 component of Oracle Hospitality Applications subcomponent: Other. The supported version that is affected is 4.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via SMTP to compromise Oracle Hospitality e7. Successfu...

4.3CVSS7.3AI score0.01389EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2017/05/10 12:44 p.m.7 views

OpenJDK: newline injection in the SMTP client (Networking, 8171533)

A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application...

4.3CVSS7.4AI score0.01686EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2017/04/24 11:16 a.m.6 views

OpenJDK: newline injection in the SMTP client (Networking, 8171533)

A newline injection flaw was discovered in the SMTP client implementation in the Networking component in OpenJDK. A remote attacker could possibly use this flaw to manipulate SMTP connections established by a Java application...

4.3CVSS7.4AI score0.01686EPSS
Exploits0References5
Rows per page
Query Builder