Lucene search
K

8 matches found

Github Security Blog
Github Security Blog
added 2024/08/31 12:31 a.m.22 views

Missing hostname validation in Kroxylicious

A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perfor...

5.9CVSS6.5AI score0.00378EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/30 9:10 p.m.17 views

CVE-2024-8285 Kroxylicious: missing upstream kafka tls hostname verification

A flaw was found in Kroxylicious. When establishing the connection with the upstream Kafka server using a TLS secured connection, Kroxylicious fails to properly verify the server's hostname, resulting in an insecure connection. For a successful attack to be performed, the attacker needs to perfor...

5.9CVSS6.6AI score0.00378EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/02/25 12:0 a.m.41 views

EulerOS 2.0 SP8 : dovecot (EulerOS-SA-2020-1146)

According to the versions of the dovecot packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AU...

7.5CVSS7.8AI score0.02525EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2020/01/09 12:0 a.m.29 views

openSUSE: Security Advisory for dovecot23 (openSUSE-SU-2019:2281-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS9AI score0.62579EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2019/10/03 12:0 a.m.44 views

SUSE SLES15 Security Update : dovecot23 (SUSE-SU-2019:2514-1)

This update for dovecot23 fixes the following issues : CVE-2019-11500: Fixed the NUL byte handling in IMAP and ManageSieve protocol parsers. bsc1145559 CVE-2019-11499: Fixed a vulnerability where the submission-login would crash over a TLS secured channel bsc1133625. CVE-2019-11494: Fixed a denia...

9.8CVSS7.9AI score0.62579EPSS
Exploits1References10
AlpineLinux
AlpineLinux
added 2019/05/08 5:0 p.m.42 views

CVE-2019-11499

In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message...

7.5CVSS7.7AI score0.02525EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2019/04/30 12:0 p.m.26 views

CVE-2019-11499

In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message...

7.5CVSS7.1AI score0.02525EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2016/06/17 12:0 a.m.34 views

Palo Alto Networks User-ID Agent < 7.0.4 TLS-Secured API Invocation Credential Disclosure (PAN-SA-2016-0007)

The version of Palo Alto Networks User-ID agent installed on the remote Windows host is prior to 7.0.4. It is, therefore, affected by a flaw that allows a TLS-secured API call to return encrypted credentials to the domain account configured on the User-ID agent, which has read-only rights for...

5.6AI score
Exploits0References1
Rows per page
Query Builder