21 matches found
CVE-2026-23767
ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection...
CVE-2023-7009
Some Sciener-based locks support plaintext message processing over Bluetooth Low Energy, allowing unencrypted malicious commands to be passed to the lock. These malicious commands, less then 16 bytes in length, will be processed by the lock as if they were encrypted communications. This can be...
OESA-2024-1696 python-aiosmtpd security update
This is a server for SMTP and related protocols, similar in utility to the standard library's smtpd.py module, but rewritten to be based on asyncio for Python 3. Security Fixes: aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on...
SUSE CVE-2024-34083
aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle...
aiosmtpd STARTTLS unencrypted commands injection
Summary Servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a MitM attack. References NO STARTTLS: Similar vulnerabilities discovered by previous researchers...
GHSA-WGJV-9J3Q-JHG8 aiosmtpd STARTTLS unencrypted commands injection
Summary Servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a MitM attack. References NO STARTTLS: Similar vulnerabilities discovered by previous researchers...
DEBIAN-CVE-2024-34083
aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle...
CVE-2024-34083
aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle...
CVE-2024-34083 STARTTLS unencrypted commands injection
aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle...
CVE-2024-34083 STARTTLS unencrypted commands injection
aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle...
CVE-2024-34083
aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle...
CVE-2024-34083
CVE-2024-34083 affects aiosmtpd (Python SMTP server) prior to 1.4.6. The issue allows a MITM-style scenario where servers accept extra unencrypted commands after STARTTLS, as if from inside the encrypted channel. The vulnerability is mitigated by upgrading to aiosmtpd 1.4.6, which includes a patc...
CVE-2024-34083 STARTTLS unencrypted commands injection
aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by a man-in-the-middle...
PT-2024-25694 · Aiosmtpd · Aiosmtpd
Name of the Vulnerable Software and Affected Versions: aiosmtpd versions prior to 1.4.6 Description: The issue concerns servers based on aiosmtpd, which accept extra unencrypted commands after STARTTLS, treating them as if they came from inside the encrypted connection. This could be exploited by...
CVE-2023-7009
Some Sciener-based locks support plaintext message processing over Bluetooth Low Energy, allowing unencrypted malicious commands to be passed to the lock. These malicious commands, less then 16 bytes in length, will be processed by the lock as if they were encrypted communications. This can be...
CVE-2023-7009 CVE-2023-7009
Some Sciener-based locks support plaintext message processing over Bluetooth Low Energy, allowing unencrypted malicious commands to be passed to the lock. These malicious commands, less then 16 bytes in length, will be processed by the lock as if they were encrypted communications. This can be...
CVE-2023-7009
CVE-2023-7009 affects Sciener-based locks where plaintext BLE messages are processed as encrypted communications. The issue allows unencrypted commands (less than 16 bytes) to be treated as valid encrypted traffic, potentially compromising lock integrity. Connected sources identify affected compo...
CVE-2023-7009 CVE-2023-7009
Some Sciener-based locks support plaintext message processing over Bluetooth Low Energy, allowing unencrypted malicious commands to be passed to the lock. These malicious commands, less then 16 bytes in length, will be processed by the lock as if they were encrypted communications. This can be...
PT-2024-15176 · Unknown · Sciener-Based Locks
Name of the Vulnerable Software and Affected Versions: Sciener-based locks affected versions not specified Description: The issue allows unencrypted malicious commands to be passed to the lock over Bluetooth Low Energy, as some Sciener-based locks support plaintext message processing. These...
Sciener-based locks Security Vulnerabilities
Sciener is a smart lock firmware from Sciener. A security vulnerability exists in Sciener-based locks that stems from support for plaintext message processing, allowing an attacker to pass unencrypted malicious commands to the lock...