CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS. • https://bugs.kde.org/show_bug.cgi?id=432353 https://nostarttls.secvuln.info • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification errors, which allows man-in-the-middle attackers to spoof SMTP servers. • https://bugs.kde.org/show_bug.cgi?id=423453 https://gerrit.vesnicky.cesnet.cz/r/1035 • CWE-295: Improper Certificate Validation

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the intended receiver. If the receiver replies to this (benign-looking) email, they unknowingly leak the plaintext of the encrypted message part(s) back to the attacker. • https://bugs.kde.org/show_bug.cgi?id=404697 • CWE-319: Cleartext Transmission of Sensitive Information

CVSS: 4.3 • EPSS: 0% • CPEs: 14 • EXPL: 0

The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message into a (1) sent or (2) draft folder via a PREAUTH response that prevents later use of the STARTTLS command. • http://jkt.flaska.net/blog/Trojita_0_4_1__a_security_update_for_CVE_2014_2567.html https://github.com/jktjkt/trojita/commit/25fffa3e25cbad85bbca804193ad336b090a9ce1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor