CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is...

6.8CVSS9.2AI score0.32222EPSS

Exploits1References10

SUSE CVE•added 2023/02/15 5:53 a.m.•1 views

SUSE CVE-2011-1431

The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the netqmail-1.06-tls patch for netqmail 1.06 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TL...

6.8CVSS9.2AI score0.06675EPSS

Exploits1References3

SUSE CVE•added 2023/02/15 5:53 a.m.•2 views

SUSE CVE-2011-1430

The STARTTLS implementation in the server in Ipswitch IMail 11.03 and earlier does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a...

6.8CVSS9.1AI score0.01049EPSS

Exploits0References3

SUSE CVE•added 2023/02/15 5:53 a.m.•1 views

SUSE CVE-2011-1432

The STARTTLS implementation in SCO SCOoffice Server does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...

6.8CVSS9.1AI score0.07716EPSS

Exploits0References3

SUSE CVE•added 2023/02/15 5:53 a.m.•1 views

SUSE CVE-2011-1926

The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command...

5.1CVSS9.3AI score0.04867EPSS

Exploits0References3

SUSE CVE•added 2023/02/15 5:45 a.m.•1 views

SUSE CVE-2012-3523

The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...

6.8CVSS7.1AI score0.18812EPSS

Exploits0References4

SUSE CVE•added 2023/02/15 5:28 a.m.•1 views

SUSE CVE-2014-3556

The STARTTLS implementation in mail/ngxmailsmtphandler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command...

6.8CVSS7.1AI score0.48169EPSS

Exploits0References3

CVE•added 2021/08/17 5:16 p.m.•43 views

CVE-2020-29548

SmarterMail (SmarterTools) up to v100.0.7537 is affected. In this CVE, a meddler-in-the-middle can pipeline commands after a POP3 STLS command, injecting plaintext commands into an encrypted user session. The issue is described across multiple sources (NVD entry for CVE-2020-29548 and vendor refe...

8.1CVSS8AI score0.0062EPSS

Exploits0References2Affected Software1

Cvelist•added 2021/08/17 5:12 p.m.•8 views

CVE-2020-15955

In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail. This allows e-mail messages and user credentials to be sent to the MitM attacker...

5.9AI score0.00322EPSS

Exploits0References2

OSV•added 2021/08/03 10:15 p.m.•1 views

DEBIAN-CVE-2021-38084

An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session...

8.1CVSS7.9AI score0.00513EPSS

Exploits0References1

NVD•added 2021/08/03 10:15 p.m.•6 views

CVE-2021-38084

8.1CVSS0.00513EPSS

Exploits0References2

OSV•added 2021/08/03 10:15 p.m.•0 views

UBUNTU-CVE-2021-38084

8.1CVSS7.2AI score0.00513EPSS

Exploits0References4

CVE•added 2020/02/19 1:39 p.m.•37 views

CVE-2014-2727

The CVE-2014-2727 issue affects MailMarshal’s STARTTLS before version 7.2, enabling plaintext command injection via the STARTTLS implementation. Public sources identify this as a network‑vector vulnerability with high impact and a high score (NVD CVSS v2/v3). The root cause is the STARTTLS handli...

9.8CVSS9.6AI score0.0609EPSS

Exploits0References1Affected Software1

NVD•added 2020/01/27 7:15 p.m.•9 views

CVE-2014-8563

Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS...

9.8CVSS9.8AI score0.02713EPSS

Exploits0References2

CVE•added 2020/01/27 6:38 p.m.•40 views

CVE-2014-8563

CVE-2014-8563 affects Synacor Zimbra Collaboration Suite before version 8.0.9. The vulnerability is described as plaintext command injection during STARTTLS, stemming from input data not properly filtered when constructing OS-executable commands. Several connected sources reiterate that versions ...

9.8CVSS9.7AI score0.02713EPSS

Exploits0References2Affected Software1

Cvelist•added 2020/01/27 6:38 p.m.•8 views

CVE-2014-8563

Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS...

9.9AI score0.02713EPSS

Exploits0References2

NVD•added 2014/12/29 8:59 p.m.•24 views

CVE-2014-3556

6.8CVSS6.5AI score0.48169EPSS

Exploits0References4

Rows per page