Lucene search

10 matches found

SUSE CVE
added 2023/02/15 3:56 a.m., 0 views

SUSE CVE-2020-15685

During the plaintext phase of the STARTTLS connection setup, protocol commands could have been injected and evaluated within the encrypted session. This vulnerability affects Thunderbird 78.7...

CVSS 6.1, AI score 9.1, EPSS 0.00618
Exploits: 1, References: 7
ATTACKERKB
added 2022/09/08 8:15 a.m., 3 views

CVE-2022-28220

Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. The fix for CVE-2021-38542, which solved a similar problem from Apache James 3.6.1, is subject to a parser differential and does not take into account concurrent requests...

CVSS 7.5, AI score 5.9, EPSS 0.09184
Exploits: 0, References: 3
OSV
added 2021/10/18 4:5 p.m., 4 views

OPENSUSE-SU-2021:1384-1 Security update for curl

This update for curl fixes the following issues:
- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373).
This update was imported from the SUSE:SLE-15-SP2:Update update project...

CVSS 7.5, AI score 7, EPSS 0.00253
Exploits: 2, References: 5
OSV
added 2021/10/11 3:2 p.m., 8 views

SUSE-SU-2021:3332-1 Security update for curl

This update for curl fixes the following issues:
- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373)...

CVSS 7.5, AI score 7, EPSS 0.00253
Exploits: 2, References: 5
OSV
added 2021/10/06 2:55 p.m., 4 views

SUSE-SU-2021:3298-1 Security update for curl

This update for curl fixes the following issues:
- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373)...

CVSS 7.5, AI score 7, EPSS 0.00253
Exploits: 2, References: 5
OSV
added 2021/10/06 2:55 p.m., 8 views

OPENSUSE-SU-2021:3298-1 Security update for curl

This update for curl fixes the following issues:
- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373)...

CVSS 7.5, AI score 7, EPSS 0.00253
Exploits: 2, References: 5
OSV
added 2021/10/06 2:53 p.m., 6 views

SUSE-SU-2021:3297-1 Security update for curl

This update for curl fixes the following issues:
- CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374).
- CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373)...

CVSS 7.5, AI score 7, EPSS 0.00253
Exploits: 2, References: 5
OPENSUSE Linux
added 2021/10/06 12:0 a.m., 59 views

Security update for curl (moderate)

openSUSE Security Update: Security update for curl
Announcement ID: openSUSE-SU-2021:3298-1
Rating: moderate
References: 1190373 1190374
Cross-References: CVE-2021-22946 CVE-2021-22947
CVSS scores:
CVE-2021-22946 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-22947 (SUSE): 5.9...

CVSS 5.9, AI score 7.7, EPSS 0.00253
Exploits: 2, References: 2
curl security advisories
added 2021/09/15 8:0 a.m., 3 views

STARTTLS protocol injection via MITM

When curl connects to an IMAP, POP3, SMTP or FTP server to exchange data securely using STARTTLS to upgrade the connection to TLS level, the server can still respond and send back multiple responses before the TLS upgrade. Such multiple pipelined responses are cached by curl. curl would then...

CVSS 5.9, AI score 6.7, EPSS 0.00253
Exploits: 1, References: 1, Affected Software: 2
OpenVAS
added 2012/09/10 12:0 a.m., 20 views

Slackware: Security Advisory (SSA:2011-171-01)

The remote host is missing an update for the...

CVSS 5, AI score 6.5, EPSS 0.02444
Exploits: 0, References: 3