Lucene search
+L

1112 matches found

OSV
OSV
added 2026/05/04 10:1 p.m.14 views

GHSA-VCGP-9326-PQCP net-imap vulnerable to STARTTLS stripping via invalid response timing

Summary A man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. Details When using Net::IMAPstarttls to upgrade a plaintext connection to use TLS, a man-in-the-middle attacker can inject a tagged OK response with an easily predictable tag. By sendi...

7.6CVSS5.9AI score0.00324EPSS
Exploits0References14
Github Security Blog
Github Security Blog
added 2026/05/04 10:1 p.m.7 views

net-imap vulnerable to STARTTLS stripping via invalid response timing

Summary A man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. Details When using Net::IMAPstarttls to upgrade a plaintext connection to use TLS, a man-in-the-middle attacker can inject a tagged OK response with an easily predictable tag. By sendi...

7.6CVSS5.9AI score0.00324EPSS
Exploits0References14Affected Software1
RubySec
RubySec
added 2026/05/04 12:0 a.m.18 views

net-imap vulnerable to STARTTLS stripping via invalid response timing

Summary A man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. Details When using Net::IMAPstarttls to upgrade a plaintext connection to use TLS, a man-in-the-middle attacker can inject a tagged OK response with an easily predictable tag. By sendi...

7.6CVSS5.8AI score0.00324EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/04/30 12:33 p.m.10 views

GHSA-X8MH-94WC-33GV apache-airflow-providers-smtp: No certificate validation on SMTP STARTTLS connections in SMTP provider

Apache Airflow's SMTP provider SmtpHook called Python's smtplib.SMTP.starttls without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate, complete the STARTTLS...

5.9CVSS5.8AI score0.00268EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/30 12:33 p.m.11 views

apache-airflow-providers-smtp: No certificate validation on SMTP STARTTLS connections in SMTP provider

Apache Airflow's SMTP provider SmtpHook called Python's smtplib.SMTP.starttls without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate, complete the STARTTLS...

5.9CVSS5.8AI score0.00268EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/04/30 10:20 a.m.5 views

Improper Certificate Validation

Overview apache-airflow-providers-smtp is a Provider for Apache Airflow. Implements apache-airflow-providers-smtp package Affected versions of this package are vulnerable to Improper Certificate Validation in the SmtpHook when establishing a STARTTLS connection. An attacker can intercept SMTP...

8.2CVSS5.8AI score0.00268EPSS
Exploits0References2
PyPA
PyPA
added 2026/04/30 10:16 a.m.13 views

PYSEC-2026-24

Apache Airflow's SMTP provider SmtpHook called Python's smtplib.SMTP.starttls without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate, complete the STARTTLS...

5.9CVSS5.8AI score0.00268EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/30 10:16 a.m.10 views

PYSEC-2026-24

Apache Airflow's SMTP provider SmtpHook called Python's smtplib.SMTP.starttls without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate, complete the STARTTLS...

5.9CVSS5.8AI score0.00268EPSS
Exploits0References3
NVD
NVD
added 2026/04/30 10:16 a.m.10 views

CVE-2026-41016

Apache Airflow's SMTP provider SmtpHook called Python's smtplib.SMTP.starttls without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate, complete the STARTTLS...

5.9CVSS0.00268EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/30 9:9 a.m.33 views

CVE-2026-41016 Apache Airflow Providers SMTP: No certificate validation on SMTP STARTTLS connections in SMTP provider

Apache Airflow's SMTP provider SmtpHook called Python's smtplib.SMTP.starttls without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate, complete the STARTTLS...

0.00268EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/30 9:9 a.m.9 views

CVE-2026-41016 Apache Airflow Providers SMTP: No certificate validation on SMTP STARTTLS connections in SMTP provider

Apache Airflow's SMTP provider SmtpHook called Python's smtplib.SMTP.starttls without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate, complete the STARTTLS...

5.3AI score0.00268EPSS
Exploits0References2
CVE
CVE
added 2026/04/30 9:9 a.m.20 views

CVE-2026-41016

CVE-2026-41016 affects Apache Airflow’s SMTP provider SmtpHook. The SMTP workflow calls smtplib.SMTP.starttls() without supplying an SSL context, so TLS upgrades do not validate certificates. This enables a man-in-the-middle between the Airflow worker and the SMTP server to present a self-signed ...

5.9CVSS5.3AI score0.00268EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/30 9:9 a.m.6 views

CVE-2026-41016

Apache Airflow's SMTP provider SmtpHook called Python's smtplib.SMTP.starttls without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate, complete the STARTTLS...

5.9CVSS5.3AI score0.00268EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.5 views

PT-2026-36084

Name of the Vulnerable Software and Affected Versions apache-airflow-providers-smtp affected versions not specified Description The SmtpHook component in the SMTP provider calls the Python function smtplib.SMTP.starttls without an SSL context. This omission prevents certificate validation during...

5.9CVSS5.2AI score0.00268EPSS
Exploits0References160
Vulnrichment
Vulnrichment
added 2026/04/24 3:7 a.m.6 views

CVE-2026-41319 MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade

MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versions prior to 4.16.0 allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication...

6.5CVSS5.8AI score0.00223EPSS
Exploits1References1
CVE
CVE
added 2026/04/24 3:7 a.m.31 views

CVE-2026-41319

Summary (CVE-2026-41319) MailKit (MimeKit-based) exposes a STARTTLS vulnerability where the internal read buffers of SmtpStream, ImapStream, and Pop3Stream are not flushed when upgrading to TLS with SslStream. This allows pre-TLS attacker-injected data to be treated as post-TLS, enabling a MITM-b...

6.5CVSS6AI score0.00223EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/04/24 3:7 a.m.4 views

CVE-2026-41319 MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade

MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versions prior to 4.16.0 allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication...

6.5CVSS6.2AI score0.00223EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/24 3:7 a.m.36 views

CVE-2026-41319 MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade

MailKit is a cross-platform mail client library built on top of MimeKit. A STARTTLS Response Injection vulnerability in versions prior to 4.16.0 allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication...

6.5CVSS0.00223EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.13 views

MailKit 注入漏洞

MailKit is a cross-platform email client library developed by Jeffrey Stedfast. Versions of MailKit prior to 4.16.0 had an injection vulnerability. This vulnerability stemmed from STARTTLS response injection, which allowed man-in-the-middle attackers to inject arbitrary protocol responses, thereb...

6.5CVSS5.9AI score0.00223EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/18 1:13 a.m.69 views

MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade

Summary A STARTTLS Response Injection vulnerability in MailKit allows a Man-in-the-Middle attacker to inject arbitrary protocol responses across the plaintext-to-TLS trust boundary, enabling SASL authentication mechanism downgrade e.g., forcing PLAIN instead of SCRAM-SHA-256. The internal read...

6.8CVSS6.8AI score0.16334EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder