Lucene search
+L

98 matches found

OSV
OSV
added 2021/08/30 6:15 a.m.7 views

AZL-7227 CVE-2021-39272 affecting package fetchmail for versions less than 6.4.22-1

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH...

5.9CVSS6AI score0.00925EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/08/30 12:0 a.m.3 views

Libguestfs Nbdkit 安全漏洞

Libguestfs Nbdkit is an application from the Libguestfs community for creating NBD Protocol for Accessing Network Block Devices servers. Libguestfs Nbdkit suffers from a security vulnerability that can be exploited by an attacker to trigger a denial of service by causing a fatal error via Nbdkit'...

3.5CVSS6.5AI score0.00573EPSS
Exploits0References9
OSV
OSV
added 2021/08/10 3:15 p.m.2 views

DEBIAN-CVE-2021-38370

In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS...

5.9CVSS5.9AI score0.01565EPSS
Exploits1References1
OSV
OSV
added 2021/08/10 3:15 p.m.5 views

UBUNTU-CVE-2021-38372

In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS...

3.7CVSS5.8AI score0.00788EPSS
Exploits1References4
CNNVD
CNNVD
added 2021/08/10 12:0 a.m.13 views

Exim 注入漏洞

Exim is an open source messaging agent MTA running on Unix systems that routes, forwards and delivers mail. A security vulnerability in the STARTTLS feature in Exim up to 4.94.2 allows an attacker to perform response injection buffering during MTA SMTP delivery...

7.5CVSS7.4AI score0.01996EPSS
Exploits0References5
CNNVD
CNNVD
added 2021/08/10 12:0 a.m.8 views

Alpine 命令注入漏洞

Alpine is an email program. A command injection vulnerability exists in Alpine 2.24 that arises from the affected product accepting an untagged response from an IMAP server before STARTTLS...

5.9CVSS5.9AI score0.01565EPSS
Exploits1References7
CNNVD
CNNVD
added 2021/08/10 12:0 a.m.9 views

KDE Trojita 命令注入漏洞

KDE Trojita is a lightweight IMAP email client for the KDE community. A security vulnerability exists in KDE Trojita 0.7 that stems from the affected product accepting an untagged response from an IMAP server before STARTTLS...

4.3CVSS5AI score0.00788EPSS
Exploits1References3
OSV
OSV
added 2021/08/06 11:3 a.m.3 views

OESA-2021-1306 ruby security update

Ruby is a fast and easy interpreted scripting language for object-oriented programming. It has many functions for processing text Files and perform system management tasks such as Perl. Security Fixes: In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible t...

7.4CVSS7.3AI score0.0305EPSS
Exploits2References4
OSV
OSV
added 2021/08/01 7:15 p.m.3 views

DEBIAN-CVE-2021-32066

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...

7.4CVSS6.2AI score0.02909EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2021/08/01 7:15 p.m.3 views

CVE-2021-32066

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...

7.4CVSS6.7AI score0.02909EPSS
Exploits1References9
RubySec
RubySec
added 2021/08/01 12:0 a.m.9 views

imap - StartTLS stripping attack

An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...

7.4CVSS7AI score0.02909EPSS
Exploits1References1Affected Software1
RedHat Linux
RedHat Linux
added 2021/07/26 11:39 a.m.4 views

Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed

If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...

5.9CVSS7.4AI score0.012EPSS
Exploits0References4
OSV
OSV
added 2021/07/26 7:15 a.m.84 views

UBUNTU-CVE-2021-33900

While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...

7.5CVSS7.1AI score0.00793EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/07/13 12:0 a.m.3 views

Mozilla Thunderbird 命令注入漏洞

Mozilla Thunderbird is an open source email client. A command injection vulnerability exists in the Mozilla Thunderbird product, which stems from a problem in the way Thunderbird handles IMAP server responses sent prior to the STARTTLS process. An attacker could exploit this vulnerability to send...

5.9CVSS7.5AI score0.012EPSS
Exploits0References21
OSV
OSV
added 2021/06/28 1:15 p.m.5 views

AZL-7196 CVE-2021-33515 affecting package dovecot for versions less than 2.3.20-1

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address...

4.8CVSS6.7AI score0.02837EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2021/06/22 6:7 p.m.61 views

Email Bug Allows Message Snooping, Credential Theft

Researchers warn hackers can snoop on email messages by exploiting a bug in the underlying technology used by the majority of email servers that run the Internet Message Access Protocol, commonly referred to as IMAP. The bug, first reported in August 2020 and patched Monday, is tied to the email...

5.8CVSS6.7AI score0.02837EPSS
Exploits0References11
OSV
OSV
added 2021/06/21 12:0 p.m.14 views

UBUNTU-CVE-2021-33515

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address...

4.8CVSS6.7AI score0.02837EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2021/06/21 12:0 a.m.12 views

PT-2021-3385 · Dovecot +9 · Dovecot +9

Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 2.3.15 Description: The issue is related to the submission service in Dovecot, which allows STARTTLS command injection in lib-smtp. This can lead to sensitive information being redirected to an attacker-controlled...

9.8CVSS6.5AI score0.62579EPSS
Exploits15References101
BDU FSTEC
BDU FSTEC
added 2021/04/20 12:0 a.m.5 views

The vulnerability of Thunderbird’s email client stems from insufficient validation of input data during the IMAP connection setup using STARTTLS. This allows attackers to compromise the confidentiality and integrity of the protected information.

The vulnerability of the Thunderbird email client is related to insufficient validation of input data during the IMAP connection setup using STARTTLS. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the protected information...

6.5CVSS7.6AI score0.00848EPSS
Exploits1References13Affected Software7
RedHat Linux
RedHat Linux
added 2021/01/28 7:58 p.m.3 views

Mozilla: IMAP Response Injection when using STARTTLS

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes that during the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session...

8.8CVSS7.3AI score0.00848EPSS
Exploits1References5
Rows per page
Query Builder