97 matches found
USN-4598-1 libetpan vulnerability
It was discovered that LibEtPan incorrectly handled STARTTLS when using IMAP, SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack. CVE-2020-15953...
DEBIAN-CVE-2020-15953
LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a meddler-in-the-middle attacker and evaluates it in a TLS...
Claws Mail Protocol Violation Vulnerability
Claws Mail is a free, open source, lightweight, highly configurable, C/GTK+ based email client. A protocol violation vulnerability exists in common/session.c in Claws Mail versions prior to 3.17.6, which stems from mishandling of postfix data after STARTTLS, for which no detailed vulnerability...
UBUNTU-CVE-2020-15917
common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled...
USN-4429-1 evolution-data-server vulnerability
It was discovered that Evolution Data Server incorrectly handled STARTTLS when using SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack...
Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage
The Mozilla Foundation Security Advisory describes this flaw as: If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection...
Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage
The Mozilla Foundation Security Advisory describes this flaw as: If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection...
Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage
The Mozilla Foundation Security Advisory describes this flaw as: If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection...
UBUNTU-CVE-2020-12398
If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird 68.9.0...
CVE-2018-11749
When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. It scored an 8.5 CVSS...
GNOME evolution-data-server IMAPx component information disclosure vulnerability
GNOME evolution-data-server is the GNOME project's set of mail data servers for the Gnome desktop environment on Linux.IMAPx is one of the components used to handle mail and folders. An information disclosure vulnerability exists in the camel/providers/imapx/camel-imapx-server.c file of the IMAPx...
UBUNTU-CVE-2016-10727
camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensiti...
smtplib Security Bypass Vulnerability
smtplib is a python based package for implementing SMTP clients. A security vulnerability exists in smtplib that allows remote attackers to conduct man-in-the-middle and startTLS stripping attacks...
SSL/TLS: LDAP 'Start TLS OID' Detection
Checks if the remote LDAP server supports SSL/TLS with the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Exploit for Out-of-bounds Read in Openssl
Heartbleed ========== A checker site and tool for CVE-2014-01...
DEBIAN-CVE-2011-1575
The STARTTLS implementation in ftpparser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext...
postfix: SMTP commands injection during plaintext to TLS session switch
The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is...