6 matches found
EUVD-2026-41503
A vulnerability exists where a new transfer that uses STARTTLS to upgrade the connection might reuse an existing live connection even though the TLS configuration mismatches so it should not...
PT-2022-18884 · Apache · Apache James
Name of the Vulnerable Software and Affected Versions: Apache James versions prior to 3.6.3 Apache James versions prior to 3.7.1 Description: The issue is related to a buffering attack that relies on the use of the STARTTLS command. It is similar to a previously solved problem in Apache James...
CLSA-2021-1635459163 Fix CVE(s): CVE-2021-22946, CVE-2021-22947
SECURITY UPDATE: Protocol downgrade required TLS bypassed - debian/patches/CVE-2021-22946-pre1.patch: separate FTPS from FTP over HTTPS proxy in lib/ftp.c, lib/urldata.h. - debian/patches/CVE-2021-22946-pre2.patch: support PREAUTH response code in lib/imap.c, lib/imap.h, tests/data/Makefile.inc,...
Smartertools SmarterTools SmarterMail 命令注入漏洞
Smartertools SmarterTools SmarterMail is a set of mail server software from SmarterTools Smartertools, USA. The program supports spam filtering, statistics, simple mail transfer protocol SMTP authentication and other features. SmarterTools SmarterMail suffers from a security vulnerability that...
The vulnerability of the STARTTLS component of the Keycloak identity and access management software lies in implementation errors related to authentication procedures. This allows attackers to escalate their privileges.
The vulnerability of the STARTTLS component of the Keycloak identity and access management software is related to implementation errors in authentication procedures. Exploiting this vulnerability can allow attackers to enhance their privileges remotely...
UBUNTU-CVE-2011-1947
fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a 1 STARTTLS or 2 STLS request, which allows remote servers to cause a denial of service application hang by acknowledging the request but not sending additional packets...