CVE-2020-15953

LibEtPan ≤ 1.9.4 (used in MailCore 2 ≤ 0.6.3 and related products) contains a STARTTLS buffering issue that enables response injection during TLS negotiation across IMAP, SMTP, and POP3. The root cause is improper handling when a server responds with begin TLS, causing the client to read extra da...

CVE-2021-26911

Canary Mail is affected by CVE-2021-26911 (CVE entry). The vulnerability is in core/imap/MCIMAPSession.cpp and manifests in IMAP STARTTLS mode due to missing SSL certificate validation, affecting Canary Mail versions prior to 3.22. The CVSS data in the connected records indicates a network-expose...