98 matches found
Citadel 命令注入漏洞
Citadel is an asset management software from Citadel, Inc. in the United States. A security vulnerability exists in Citadel webcit 926, which can be exploited by an attacker to inject commands into an encrypted user session via a pipe after a POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS command,...
CVE-2023-32290
The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server...
SUSE CVE-2011-1947
fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a 1 STARTTLS or 2 STLS request, which allows remote servers to cause a denial of service application hang by acknowledging the request but not sending additional packets...
SUSE CVE-2021-38084
An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session...
Alpine 安全漏洞
Alpine is an email program. A security vulnerability exists in versions of Alpine prior to 2.25, which stems from the fact that it allows remote attackers to cause a denial of service when sending LIST or LSUB before STARTTLS...
PT-2022-12993 · Unknown · Ldap Connector
Name of the Vulnerable Software and Affected Versions: LDAP connector versions prior to 1.5.20.9 Description: The issue allows unauthenticated access when the LDAP connector is started with StartTLS configured. This problem is related to the LDAP connector, which is bundled with Identity Manageme...
CLSA-2022-1653506138 Fixed CVE-2021-33515 in dovecot
CVE-2021-33515: fix possible command injection by stopping reading commands when input was locked by the STARTTLS command...
CVE-2021-3716
A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBDOPTSTRUCTUREDREPLY before proxying everything else a client sends to the server, potentially leading the client to terminat...
UBUNTU-CVE-2021-3716
A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBDOPTSTRUCTUREDREPLY before proxying everything else a client sends to the server, potentially leading the client to terminat...
curl: Server responses received before STARTTLS processed after TLS handshake
A flaw was found in curl. The flaw lies in how curl handles cached or pipelined responses that it receives from either a IMAP, POP3, SMTP or FTP server before the TLS upgrade using STARTTLS. In such a scenario curl even after upgrading to TLS would trust these cached responses treating them as...
UBUNTU-CVE-2021-38502
Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication...
curl: Server responses received before STARTTLS processed after TLS handshake
A flaw was found in curl. The flaw lies in how curl handles cached or pipelined responses that it receives from either a IMAP, POP3, SMTP or FTP server before the TLS upgrade using STARTTLS. In such a scenario curl even after upgrading to TLS would trust these cached responses treating them as...
Mozilla: Downgrade attack on SMTP STARTTLS connections
Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication...
Mozilla Thunderbird 安全漏洞
Mozilla Thunderbird is a suite of email client software from the Mozilla Foundation that is separate from the Mozilla Application Suite. The software supports IMAP and POP email protocols as well as HTML email formats. Mozilla Thunderbird is vulnerable to an information disclosure vulnerability...
OESA-2021-1360 fetchmail security update
Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6, and IPSEC for retrieval...
DEBIAN-CVE-2021-22947
When curl = 7.20.0 and = 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instea...
UBUNTU-CVE-2021-22947
When curl = 7.20.0 and = 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instea...
ROS-2-2236
2.2236 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...
ROS-2-2218
2.2218 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...
AZL-7227 CVE-2021-39272 affecting package fetchmail for versions less than 6.4.22-1
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH...