Lucene search
K

98 matches found

CNNVD
CNNVD
added 2023/05/29 12:0 a.m.8 views

Citadel 命令注入漏洞

Citadel is an asset management software from Citadel, Inc. in the United States. A security vulnerability exists in Citadel webcit 926, which can be exploited by an attacker to inject commands into an encrypted user session via a pipe after a POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS command,...

5.9CVSS6.1AI score0.00753EPSS
Exploits0References3
OSV
OSV
added 2023/05/07 2:15 a.m.4 views

CVE-2023-32290

The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server...

7.5CVSS5.8AI score0.0042EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.5 views

SUSE CVE-2011-1947

fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a 1 STARTTLS or 2 STLS request, which allows remote servers to cause a denial of service application hang by acknowledging the request but not sending additional packets...

5CVSS6.9AI score0.02551EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:38 a.m.6 views

SUSE CVE-2021-38084

An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session...

8.1CVSS8AI score0.01358EPSS
Exploits0References3
CNNVD
CNNVD
added 2022/11/03 12:0 a.m.5 views

Alpine 安全漏洞

Alpine is an email program. A security vulnerability exists in versions of Alpine prior to 2.25, which stems from the fact that it allows remote attackers to cause a denial of service when sending LIST or LSUB before STARTTLS...

5.9CVSS6AI score0.00841EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/09/19 12:0 a.m.6 views

PT-2022-12993 · Unknown · Ldap Connector

Name of the Vulnerable Software and Affected Versions: LDAP connector versions prior to 1.5.20.9 Description: The issue allows unauthenticated access when the LDAP connector is started with StartTLS configured. This problem is related to the LDAP connector, which is bundled with Identity Manageme...

9.8CVSS9.5AI score0.00545EPSS
Exploits0References5
OSV
OSV
added 2022/05/25 7:15 p.m.8 views

CLSA-2022-1653506138 Fixed CVE-2021-33515 in dovecot

CVE-2021-33515: fix possible command injection by stopping reading commands when input was locked by the STARTTLS command...

5.8CVSS6.8AI score0.02837EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/03/02 11:15 p.m.3 views

CVE-2021-3716

A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBDOPTSTRUCTUREDREPLY before proxying everything else a client sends to the server, potentially leading the client to terminat...

3.5CVSS6.6AI score0.00573EPSS
Exploits0References6
OSV
OSV
added 2022/03/02 11:15 p.m.4 views

UBUNTU-CVE-2021-3716

A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBDOPTSTRUCTUREDREPLY before proxying everything else a client sends to the server, potentially leading the client to terminat...

3.1CVSS7.2AI score0.00573EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/02/22 3:58 p.m.5 views

curl: Server responses received before STARTTLS processed after TLS handshake

A flaw was found in curl. The flaw lies in how curl handles cached or pipelined responses that it receives from either a IMAP, POP3, SMTP or FTP server before the TLS upgrade using STARTTLS. In such a scenario curl even after upgrading to TLS would trust these cached responses treating them as...

5.9CVSS7.2AI score0.02799EPSS
Exploits1References5
OSV
OSV
added 2021/11/03 1:15 a.m.3 views

UBUNTU-CVE-2021-38502

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication...

5.9CVSS7.4AI score0.01066EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2021/11/02 9:6 a.m.2 views

curl: Server responses received before STARTTLS processed after TLS handshake

A flaw was found in curl. The flaw lies in how curl handles cached or pipelined responses that it receives from either a IMAP, POP3, SMTP or FTP server before the TLS upgrade using STARTTLS. In such a scenario curl even after upgrading to TLS would trust these cached responses treating them as...

5.9CVSS7.2AI score0.02799EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2021/10/13 9:41 a.m.4 views

Mozilla: Downgrade attack on SMTP STARTTLS connections

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication...

5.9CVSS7.5AI score0.01066EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/10/12 12:0 a.m.3 views

Mozilla Thunderbird 安全漏洞

Mozilla Thunderbird is a suite of email client software from the Mozilla Foundation that is separate from the Mozilla Application Suite. The software supports IMAP and POP email protocols as well as HTML email formats. Mozilla Thunderbird is vulnerable to an information disclosure vulnerability...

5.9CVSS6.6AI score0.01066EPSS
Exploits0References16
OSV
OSV
added 2021/09/30 11:3 a.m.5 views

OESA-2021-1360 fetchmail security update

Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6, and IPSEC for retrieval...

5.9CVSS6.9AI score0.00925EPSS
Exploits0References2
OSV
OSV
added 2021/09/29 8:15 p.m.11 views

DEBIAN-CVE-2021-22947

When curl = 7.20.0 and = 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instea...

5.9CVSS6.5AI score0.02799EPSS
Exploits1References1
OSV
OSV
added 2021/09/15 12:0 a.m.3 views

UBUNTU-CVE-2021-22947

When curl = 7.20.0 and = 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instea...

5.9CVSS6.5AI score0.02799EPSS
Exploits1References8
Redos
Redos
added 2021/09/08 12:0 a.m.3 views

ROS-2-2236

2.2236 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...

8.8CVSS9.5AI score0.04028EPSS
Exploits1
Redos
Redos
added 2021/09/08 12:0 a.m.4 views

ROS-2-2218

2.2218 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...

8.8CVSS10AI score0.06305EPSS
Exploits2
OSV
OSV
added 2021/08/30 6:15 a.m.6 views

AZL-7227 CVE-2021-39272 affecting package fetchmail for versions less than 6.4.22-1

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH...

5.9CVSS6AI score0.00925EPSS
Exploits0References1
Rows per page
Query Builder