18 matches found
EUVD-2021-1565
Malware in sbrugna...
EUVD-2021-26997
Malware in sbrugna...
CVE-2021-33900
While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...
CVE-2021-3716
A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBDOPTSTRUCTUREDREPLY before proxying everything else a client sends to the server, potentially leading the client to terminat...
CVE-2021-3716
A flaw was found in nbdkit due to to improperly caching plaintext state across the STARTTLS encryption boundary. A MitM attacker could use this flaw to inject a plaintext NBDOPTSTRUCTUREDREPLY before proxying everything else a client sends to the server, potentially leading the client to terminat...
OPENSUSE-SU-2021:1591-1 Security update for fetchmail
This update for fetchmail fixes the following issues: - CVE-2021-36386: Fixed DoS or information disclosure in some configurations bsc1188875. - CVE-2021-39272: Fixed STARTTLS session encryption bypassing fetchmail-SA-2021-02 bsc1190069. - Update to 6.4.22 bsc1152964, jscSLE-18159, jscSLE-17903,...
openSUSE 15 Security Update : fetchmail (openSUSE-SU-2021:4018-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:4018-1 advisory. - reportvbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf valist argument, which might allow ma...
OPENSUSE-SU-2021:1416-1 Security update for fetchmail
This update for fetchmail fixes the following issues: - CVE-2021-39272: Fix failure to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. bsc1190069 This update was imported from the SUSE:SLE-15:Update update project...
SUSE SLED15 / SLES15 Security Update : fetchmail (SUSE-SU-2021:3493-1)
The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3493-1 advisory. - Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH...
OPENSUSE-SU-2021:3493-1 Security update for fetchmail
This update for fetchmail fixes the following issues: - CVE-2021-39272: Fix failure to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. bsc1190069...
SUSE-SU-2021:3492-1 Security update for fetchmail
This update for fetchmail fixes the following issues: - CVE-2021-39272: Fix failure to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. bsc1190069...
Security update for fetchmail (moderate)
openSUSE Security Update: Security update for fetchmail Announcement ID: openSUSE-SU-2021:3493-1 Rating: moderate References: 1190069 Cross-References: CVE-2021-39272 CVSS scores: CVE-2021-39272 SUSE: 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: openSUSE Leap 15.3 An update...
Information Disclosure
Fetchmail is vulnerable to informaiton disclosure. It fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH...
CVE-2021-39272
Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH...
CVE-2020-15955
In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail. This allows e-mail messages and user credentials to be sent to the MitM attacker...
Authentication flaw
While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...
Apache Directory Studio 安全漏洞
Apache Directory Studio is a complete directory tool platform from the Apache Foundation USA, designed to be used with any LDAP server, but it is specifically designed for use with ApacheDS. A security vulnerability exists in Apache Directory Studio version 2.0.0.v20210213-M16 and prior versions...
EFF Calls Out ISPs Modifying STARTTLS Encryption Commands
As Net Neutrality debates swirl, privacy advocates at the Electronic Frontier Foundation and VPN provider Golden Frog have gone public with a Federal Communications Commission filing that got more attention for accusations that Verizon FIOS customers were having their Netflix streaming service...