16 matches found
PYSEC-2026-24
Apache Airflow's SMTP provider SmtpHook called Python's smtplib.SMTP.starttls without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate, complete the STARTTLS...
EUVD-2021-24826
Malware in sbrugna...
RHEL 6 : kmail (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - kmail: Send Later with Delay bypasses OpenPGP CVE-2017-9604 - In KDE KMail 19.12.3 aka 5.13.3, the SMTP...
Design/Logic Flaw
An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session. This can lead to credential disclosure...
Debian: Security Advisory (DLA-2874-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2874-1] thunderbird security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2874-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort January 04, 2022 https://wiki.debian.org/LTS -...
[SECURITY] [DSA 5034-1] thunderbird security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5034-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 02, 2022 https://www.debian.org/security/faq -...
CentOS 8 : thunderbird (CESA-2021:3838)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2021:3838 advisory. - rust-crossbeam-deque: race condition may lead to double free CVE-2021-32810 - Mozilla: Use-after-free in MessageTask CVE-2021-38496 - Mozilla:...
RHEL 8 : thunderbird (RHSA-2021:3840)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3840 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.2.0. Security Fixes: Mozilla:...
RHEL 8 : thunderbird (RHSA-2021:3839)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:3839 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.2.0. Security Fixes: Mozilla:...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
Important: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
thunderbird security update
An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. This updat...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 91.2.0. Security Fixes: Mozilla: Use-after-free in MessageTask CVE-2021-38496 Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 CVE-2021-38500 Mozilla:...
UBUNTU-CVE-2021-38373
In KDE KMail 19.12.3 aka 5.13.3, the SMTP STARTTLS option is not honored and cleartext messages are sent unless "Server requires authentication" is checked...
SMTP STARTTLS Deployments Better than Expected
As more service providers understand and embrace the importance of encrypting online communication, certain technologies are being elevated to the forefront of conversations. Perfect Forward Secrecy and HTTP Strict Transport Security HSTS are two that generally top most lists, but another, SMTP...