Lucene search
K

97 matches found

OSV
OSV
added 2020/10/22 1:22 p.m.3 views

USN-4598-1 libetpan vulnerability

It was discovered that LibEtPan incorrectly handled STARTTLS when using IMAP, SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack. CVE-2020-15953...

7.4CVSS7.2AI score0.02393EPSS
Exploits1References2
OSV
OSV
added 2020/07/27 7:15 a.m.2 views

DEBIAN-CVE-2020-15953

LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data e.g., from a meddler-in-the-middle attacker and evaluates it in a TLS...

7.4CVSS7.3AI score0.02393EPSS
Exploits1References1
CNVD
CNVD
added 2020/07/24 12:0 a.m.3 views

Claws Mail Protocol Violation Vulnerability

Claws Mail is a free, open source, lightweight, highly configurable, C/GTK+ based email client. A protocol violation vulnerability exists in common/session.c in Claws Mail versions prior to 3.17.6, which stems from mishandling of postfix data after STARTTLS, for which no detailed vulnerability...

9.8CVSS6.8AI score0.02592EPSS
Exploits0References1
OSV
OSV
added 2020/07/23 7:15 p.m.3 views

UBUNTU-CVE-2020-15917

common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled...

9.8CVSS7.3AI score0.02592EPSS
Exploits0References4
OSV
OSV
added 2020/07/22 12:3 p.m.6 views

USN-4429-1 evolution-data-server vulnerability

It was discovered that Evolution Data Server incorrectly handled STARTTLS when using SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack...

5.9CVSS6.9AI score0.02808EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2020/06/22 8:55 a.m.2 views

Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage

The Mozilla Foundation Security Advisory describes this flaw as: If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection...

7.5CVSS7.3AI score0.00976EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/06/19 3:16 a.m.2 views

Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage

The Mozilla Foundation Security Advisory describes this flaw as: If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection...

7.5CVSS7.3AI score0.00976EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2020/06/19 1:55 a.m.5 views

Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage

The Mozilla Foundation Security Advisory describes this flaw as: If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection...

7.5CVSS7.3AI score0.00976EPSS
Exploits0References5
OSV
OSV
added 2020/06/09 12:0 a.m.2 views

UBUNTU-CVE-2020-12398

If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird 68.9.0...

7.5CVSS7.1AI score0.00976EPSS
Exploits0References4
OSV
OSV
added 2018/08/24 1:29 p.m.3 views

CVE-2018-11749

When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. It scored an 8.5 CVSS...

9.8CVSS5.8AI score0.00758EPSS
Exploits0References1
CNVD
CNVD
added 2018/07/24 12:0 a.m.4 views

GNOME evolution-data-server IMAPx component information disclosure vulnerability

GNOME evolution-data-server is the GNOME project's set of mail data servers for the Gnome desktop environment on Linux.IMAPx is one of the components used to handle mail and folders. An information disclosure vulnerability exists in the camel/providers/imapx/camel-imapx-server.c file of the IMAPx...

9.8CVSS8.8AI score0.02889EPSS
Exploits1References1
OSV
OSV
added 2018/07/20 12:0 a.m.13 views

UBUNTU-CVE-2016-10727

camel/providers/imapx/camel-imapx-server.c in the IMAPx component in GNOME evolution-data-server before 3.21.2 proceeds with cleartext data containing a password if the client wishes to use STARTTLS but the server will not use STARTTLS, which makes it easier for remote attackers to obtain sensiti...

9.8CVSS7.4AI score0.02889EPSS
Exploits1References5
CNVD
CNVD
added 2016/06/19 12:0 a.m.3 views

smtplib Security Bypass Vulnerability

smtplib is a python based package for implementing SMTP clients. A security vulnerability exists in smtplib that allows remote attackers to conduct man-in-the-middle and startTLS stripping attacks...

6.5CVSS7.8AI score0.1503EPSS
Exploits3References1
OpenVAS
OpenVAS
added 2014/04/25 12:0 a.m.33 views

SSL/TLS: LDAP 'Start TLS OID' Detection

Checks if the remote LDAP server supports SSL/TLS with the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1AI score
Exploits0References1
GithubExploit
GithubExploit
added 2014/04/07 11:3 p.m.3 views

Exploit for Out-of-bounds Read in Openssl

Heartbleed ========== A checker site and tool for CVE-2014-01...

7.5CVSS6.9AI score0.99999EPSS
Exploits88
OSV
OSV
added 2011/05/23 10:55 p.m.3 views

DEBIAN-CVE-2011-1575

The STARTTLS implementation in ftpparser.c in Pure-FTPd before 1.0.30 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted FTP sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext...

5.8CVSS9.1AI score0.33341EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2011/04/06 10:56 p.m.7 views

postfix: SMTP commands injection during plaintext to TLS session switch

The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x before 2.5.12, 2.6.x before 2.6.9, and 2.7.x before 2.7.3 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions by sending a cleartext command that is...

6.8CVSS7.4AI score0.16334EPSS
Exploits1References4
Rows per page
Query Builder