Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

NVD
NVDadded 2023/05/29 7:15 p.m.12 views

CVE-2021-37845

An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595. This potentially allows an attacker...

3.7CVSS4.2AI score0.00665EPSS
Exploits1References3
Prion
Prionadded 2023/05/29 7:15 p.m.19 views

Command injection

An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595. This potentially allows an attacker...

2.6CVSS4.2AI score0.00665EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVEadded 2023/05/29 12:0 a.m.24 views

CVE-2021-37845

Removed by vendor...

3.7CVSS4.8AI score0.00665EPSS
Exploits1
CVE
CVEadded 2023/05/29 12:0 a.m.50 views

CVE-2021-37845

CVE-2021-37845 affects Citadel (webcit-932). A MITM attacker can fixate a session in the cleartext phase before STARTTLS, violating RFC2595, potentially causing a victim’s e‑mail messages to be stored in the attacker’s IMAP mailbox, depending on the victim client behavior. The available documents...

3.7CVSS4.3AI score0.00665EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessusadded 2009/10/09 12:0 a.m.164 views

POP3 Service STLS Command Support

The remote POP3 service supports the use of the 'STLS' command to switch from a cleartext to an encrypted communications channel. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid42087; scriptversion"1.13"; scriptsetattributeattribute:"pluginmodificationdate",...

5.6AI score
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2009/10/09 12:0 a.m.41 views

IMAP Service STARTTLS Command Support

The remote IMAP service supports the use of the 'STARTTLS' command to switch from a cleartext to an encrypted communications channel. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid42085; scriptversion"1.9"; scriptsetattributeattribute:"pluginmodificationdate",...

5.6AI score
Exploits0References2
Rows per page
Query Builder