9 matches found
DEBIAN-CVE-2021-32066
An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between th...
Security Bulletin: Vulnerabilities in Python affect PowerKVM
Summary PowerKVM is affected by five vulnerabilities in Python. These vulnerabilities are now fixed. Vulnerability Details Affecting both PowerKVM 3.1 and PowerKVM 2.1: CVEID: CVE-2016-0772 DESCRIPTION: Python's smtplib library is vulnerable to a stripping attack. An exception isn't returned by t...
ALPINE-CVE-2017-7485
In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing an SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle attacker could use this flaw to strip the...
Debian DLA-871-1 : python3.2 security update
It was discovered that there was a TLS stripping vulnerability in the smtplib library distributed with the CPython interpreter. The library did not return an error if StartTLS failed, which might have allowed man-in-the-middle attackers to bypass the TLS protections by leveraging a network positi...
[SECURITY] [DLA 871-1] python3.2 security update
Package : python3.2 Version : 3.2.3-7+deb7u1 CVE ID : CVE-2016-0772 It was discovered that there was a TLS stripping vulnerability in the smtplib library distributed with the CPython interpreter. The library did not return an error if StartTLS failed, which might have allowed man-in-the-middle...
python: smtplib StartTLS stripping attack
It was found that Python's smtplib library did not return an exception when StartTLS failed to be established in the SMTP.starttls function. A man-in-the-middle attacker could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the...
openSUSE Security Update : python (openSUSE-2016-906)
Python was updated to fix three security issues. The following vulnerabilities were fixed : - CVE-2016-0772: TLS stripping attack on smtplib bsc984751 - CVE-2016-5636: zipimporter heap overflow bsc985177 - CVE-2016-5699: httplib header injection bsc985348 This update also includes all upstream bu...
smtplib Security Bypass Vulnerability
smtplib is a Python-based package for implementing SMTP clients. A security vulnerability exists in smtplib that allows remote attackers to conduct man-in-the-middle and StartTLS stripping attacks...
rhev: remote-viewer spice tls-stripping issue
The remote-viewer in Red Hat Enterprise Virtualization Manager RHEV-M before 3.3, when using a native SPICE client invocation method, initially makes insecure connections to the SPICE server, which allows man-in-the-middle attackers to spoof the SPICE server...