Lucene search
+L

86 matches found

osv
osv
added 2014/12/29 8:59 p.m.1 views

DEBIAN-CVE-2014-3556

The STARTTLS implementation in mail/ngxmailsmtphandler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command...

6.8CVSS9AI score0.07832EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2014/12/29 8:59 p.m.40 views

CVE-2014-3556

The STARTTLS implementation in mail/ngxmailsmtphandler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command...

6.8CVSS5.9AI score0.07832EPSS
Exploits0References2
cve
cve
added 2014/12/29 8:0 p.m.119 views

CVE-2014-3556

The CVE-2014-3556 entry affects nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4. The STARTTLS implementation in mail/ngx_mail_smtp_handler.c allows an MITM to inject commands into encrypted SMTP sessions by sending a cleartext command after TLS is established, due to insufficient I/O bu...

6.8CVSS6.8AI score0.07832EPSS
Exploits0References4Affected Software1
debiancve
debiancve
added 2014/12/29 8:0 p.m.53 views

CVE-2014-3556

The STARTTLS implementation in mail/ngxmailsmtphandler.c in the SMTP proxy in nginx 1.5.x and 1.6.x before 1.6.1 and 1.7.x before 1.7.4 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command...

6.8CVSS8.8AI score0.07832EPSS
Exploits0
nessus
nessus
added 2013/05/28 12:0 a.m.119 views

Alt-N MDaemon < 13.0.4 Multiple Vulnerabilities

The remote Windows host is running a version of Alt-N MDaemon that is earlier than 13.0.4. It is, therefore, potentially affected by the following vulnerabilities : - An error exists related to the 'Strip X-Headers' setting that could allow the application to crash. Issue 10358 - An input...

5.5AI score
Exploits0References1
nvd
nvd
added 2012/11/11 1:0 p.m.20 views

CVE-2012-3523

The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...

6.8CVSS6.5AI score0.03233EPSS
Exploits0References3
osv
osv
added 2012/11/11 1:0 p.m.4 views

DEBIAN-CVE-2012-3523

The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...

6.8CVSS9.1AI score0.03233EPSS
Exploits0References1
osv
osv
added 2012/11/11 1:0 p.m.12 views

CVE-2012-3523

The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...

6.6AI score
Exploits0References3
prion
prion
added 2012/11/11 1:0 p.m.25 views

Command injection

The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...

6.8CVSS6.7AI score0.16334EPSS
Exploits1References3Affected Software1
ubuntucve
ubuntucve
added 2012/11/11 1:0 p.m.29 views

CVE-2012-3523

The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...

6.8CVSS5.9AI score0.03233EPSS
Exploits0References3
cve
cve
added 2012/11/11 11:0 a.m.80 views

CVE-2012-3523

CVE-2012-3523 affects nnrpd (INN) prior to 2.5.3, where STARTTLS does not properly restrict I/O buffering. This enables MITM attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is established (plaintext command injection), related to CVE...

6.8CVSS6.8AI score0.03233EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2012/11/11 11:0 a.m.30 views

CVE-2012-3523

The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...

8.9AI score0.03233EPSS
Exploits0References3
debiancve
debiancve
added 2012/11/11 11:0 a.m.52 views

CVE-2012-3523

The STARTTLS implementation in nnrpd in INN before 2.5.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection"...

6.8CVSS9.7AI score0.03233EPSS
Exploits0
openvas
openvas
added 2012/08/30 12:0 a.m.32 views

FreeBSD Ports: inn

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

6.8CVSS9.2AI score0.16334EPSS
Exploits1References2
nessus
nessus
added 2012/08/27 12:0 a.m.27 views

FreeBSD : inn -- plaintext command injection into encrypted channel (a7975581-ee26-11e1-8bd8-0022156e8794)

INN developers report : Fixed a possible plaintext command injection during the negotiation of a TLS layer. The vulnerability detailed in CVE-2011-0411 affects the STARTTLS and AUTHINFO SASL commands. nnrpd now resets its read buffer upon a successful negotiation of a TLS layer. It prevents...

6.8CVSS8.3AI score0.16334EPSS
Exploits1References4
freebsd
freebsd
added 2012/08/14 12:0 a.m.68 views

inn -- plaintext command injection into encrypted channel

INN developers report: Fixed a possible plaintext command injection during the negotiation of a TLS layer. The vulnerability detailed in CVE-2011-0411 affects the STARTTLS and AUTHINFO SASL commands. nnrpd now resets its read buffer upon a successful negotiation of a TLS layer. It prevents...

6.8CVSS9.5AI score0.16334EPSS
Exploits1References1
openvas
openvas
added 2011/08/03 12:0 a.m.48 views

FreeBSD Ports: pure-ftpd

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

5.8CVSS9.2AI score0.33341EPSS
Exploits5References1
openvas
openvas
added 2011/08/03 12:0 a.m.33 views

FreeBSD Ports: pure-ftpd

The remote host is missing an update to the system as announced in the referenced advisory. VID 1495f931-8522-11e0-a1c1-00215c6a37bb OpenVAS Vulnerability Test $ Description: Auto generated from VID 1495f931-8522-11e0-a1c1-00215c6a37bb Authors: Thomas Reinke Copyright: Copyright c 2011 E-Soft Inc...

6.8CVSS8.6AI score0.33341EPSS
Exploits6
nessus
nessus
added 2011/07/19 12:0 a.m.33 views

SuSE 10 Security Update : cyrus-imapd (ZYPP Patch Number 7584)

Cyrus-imapd recognized commands before switching to an encrypted channel via STARTTLS. Attackers could potentially exploit that to inject plain text commands. CVE-2011-1926 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc...

5.1CVSS5.4AI score0.03999EPSS
Exploits0References2
nessus
nessus
added 2011/06/12 12:0 a.m.22 views

Fedora 13 : cyrus-imapd-2.3.16-5.fc13 (2011-7193)

Wed May 18 2011 Michal Hlavinka - 2.3.16-5 - fix CVE-2011-1926: STARTTLS plaintext command injection vulnerability - Fri Jan 21 2011 Michal Hlavinka - 2.3.16-4 - don't force sync io for all filesystems - Tue Apr 20 2010 Michal Hlavinka - 2.3.16-3 - add support for QoS marked traffic 576652 Note...

5.1CVSS5.4AI score0.03999EPSS
Exploits0References3
Rows per page
Query Builder