Alpine Project Alpine

5 matches found

CVE
added 2020/06/19 6:58 p.m. | 185 views

CVE-2020-14929

CVE-2020-14929 affects Alpine (pre-2.23) where a PREAUTH scenario can cause Alpine to proceed over an insecure connection after a /tls is sent instead of closing the connection. Public records in multiple vendor advisories indicate the issue is addressed by upgrading Alpine to 2.23 or newer; Fedo...

CVSS 7.5 | AI score 7.2 | EPSS 0.01823
CVE
added 2021/08/10 12:0 a.m. | 114 views

CVE-2021-38370

The CVE describes Alpine before 2.25 allowing untagged IMAP responses before STARTTLS, potentially leaking information. Affected component: Alpine IMAP handling. Root cause: insecure handling of IMAP responses prior to TLS upgrade. Impact per sources: information leakage (and related issues) when...

CVSS 5.9 | AI score 5.6 | EPSS 0.01565
CVE
added 2022/12/28 6:1 p.m. | 78 views

CVE-2022-23553

Alpine is a Java scaffolding library. CVE-2022-23553 describes a URL access filter bypass in Alpine versions prior to 1.10.4. The issue is fixed in version 1.10.4; there are no publicly documented workarounds in the provided sources. Affected component is the URL filtering logic within Alpine’s f...

CVSS 7.5 | AI score 7.4 | EPSS 0.0084
CVE
added 2022/12/28 6:12 p.m. | 77 views

CVE-2022-23554

CVE-2022-23554 affects Alpine (Java scaffolding library). Multiple sources confirm: versions prior to 1.10.4 allow an Authentication Filter bypass by relying on the request URI to decide swagger endpoint access. For example, a crafted URL such as /api/foo;%2fapi%2fswagger causes the filter to ret...

CVSS 6.5 | AI score 5.8 | EPSS 0.00659
CVE
added 2022/11/03 12:0 a.m. | 73 views

CVE-2021-46853

CVE-2021-46853 affects Alpine prior to 2.25. A remote attacker can cause an application crash (denial of service) by sending LIST or LSUB before STARTTLS. This issue arises from how the IMAP/mail handling processes pre-TLS commands, enabling a crash under network conditions. The connected documen...

CVSS 5.9 | AI score 5.6 | EPSS 0.00841