Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : .NET vulnerabilities (USN-7822-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7822-1 advisory. It was discovered that .NET did not properly handle the creation of temporary build time directories. An attacker could...

Linux Distros Unpatched Vulnerability : CVE-2023-38686

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP...

SUSE CVE-2010-1194

The matchcomponent function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName...

Enhancing Email Security with MTA-STS and SMTP TLS Reporting

In 1982, when SMTP was first specified, it did not contain any mechanism for providing security at the transport level to secure communications between mail transfer agents. Later, in 1999, the STARTTLS command was added to SMTP that in turn supported the encryption of emails in between the...

CVE-2010-1194

The matchcomponent function in smtp-tls.c in libESMTP 1.0.3.r1, and possibly other versions including 1.0.4, treats two strings as equal if one is a substring of the other, which allows remote attackers to spoof trusted certificates via a crafted subjectAltName...

CVE-2010-1194

The connected sources confirm CVE-2010-1194 affects libESMTP (notably 1.0.3.r1 and 1.0.4) where match_component in smtp-tls.c treats strings as equal if one is a substring of the other, enabling remote certificate spoofing via crafted subjectAltName. Public advisories (Mandriva) indicate patches ...