34 matches found
CVE-2026-42246
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10,...
net-imap vulnerable to STARTTLS stripping via invalid response timing
Summary: A man-in-the-middle attacker can cause Net::IMAP#starttls to return "successfully", without starting TLS. Details: When using Net::IMAP#starttls to upgrade a plaintext connection to use TLS, a man-in-the-middle attacker can inject a tagged OK response with an easily predictable tag. By sendi...
MiracleLinux 8 : thunderbird-78.12.0-3.el8.ML.1 (AXSA:2021-2308:14)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-2308:14 advisory. Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed (CVE-2021-29969). Mozilla: Use-after-free in accessibility features ...
EUVD-2011-2157
Malware in sbrugna...
EUVD-2011-1924
Malware in sbrugna...
EUVD-2011-1437
Malware in sbrugna...
EUVD-2011-1507
Malware in sbrugna...
EUVD-2011-1436
Malware in sbrugna...
EUVD-2020-7926
Malware in sbrugna...
EUVD-2020-4710
Malware in sbrugna...
EUVD-2021-24825
Malware in sbrugna...
EUVD-2014-8400
Malware in sbrugna...
EUVD-2020-7672
Malware in sbrugna...
EUVD-2022-6956
Malicious code in bioql PyPI...
CVE-2013-4584
Perdition before 2.2 may have weak security when handling outbound connections, caused by an error in the STARTTLS IMAP and POP server. ssl_outgoing_ciphers not being applied to STARTTLS connections...
BIT-RUBY-MIN-2021-32066
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...
OESA-2024-1695 python-aiosmtpd security update
This is a server for SMTP and related protocols, similar in utility to the standard library's smtpd.py module, but rewritten to be based on asyncio for Python 3. Security Fixes: aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on...
OESA-2024-1696 python-aiosmtpd security update
This is a server for SMTP and related protocols, similar in utility to the standard library's smtpd.py module, but rewritten to be based on asyncio for Python 3. Security Fixes: aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on...
CVE-2023-32290
The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server...