30 matches found
CVE-2019-14383
CVE-2019-14383 affects libopenmpt prior to 0.4.2, where J2B parsing can trigger an assertion failure when handling debug STLs. Multiple third‑party advisories (SUSE/openSUSE updates and related OSS/OSV listings) confirm this vulnerability and show a fix was released in libopenmpt 0.4.2 and newer....
SSL/TLS: POP3 Missing Support For STLS
The remote POP3 server does not support the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SSL/TLS: POP3 'STLS' Command Detection
Checks if the remote POP3 server supports SSL/TLS with the Copyright C 2014 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; yo...
CVE-2011-1947
fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a 1 STARTTLS or 2 STLS request, which allows remote servers to cause a denial of service application hang by acknowledging the request but not sending additional packets...
CVE-2011-1947
fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a 1 STARTTLS or 2 STLS request, which allows remote servers to cause a denial of service application hang by acknowledging the request but not sending additional packets...
CVE-2011-1947
fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a 1 STARTTLS or 2 STLS request, which allows remote servers to cause a denial of service application hang by acknowledging the request but not sending additional packets...
CVE-2011-1947
CVE-2011-1947 affects fetchmail 5.9.9–6.3.19. The issue is an insufficient wait-time limiter after STARTTLS or STLS, allowing a remote server to trigger a denial-of-service (application hang) by acknowledging the request but sending no further packets. The provided documents confirm this vulnerab...
POP3 Service STLS Plaintext Command Injection
The remote POP3 service contains a software flaw in its STLS implementation that could allow a remote, unauthenticated attacker to inject commands during the plaintext protocol phase that will be executed during the ciphertext protocol phase. Successful exploitation could allow an attacker to ste...
POP3 Service STLS Command Support
The remote POP3 service supports the use of the 'STLS' command to switch from a cleartext to an encrypted communications channel. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid42087; scriptversion"1.13"; scriptsetattributeattribute:"pluginmodificationdate",...
fetchmail -- TLS enforcement problem/MITM attack/password exposure
Matthias Andree reports: Fetchmail has had several longstanding password disclosure vulnerabilities. sslcertck/sslfingerprint options should have implied "sslproto tls1" in order to enforce TLS negotiation, but did not. Even with "sslproto tls1" in the config, fetches would go ahead in plain text...