CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1CVE-2021-38370 – Gentoo Linux Security Advisory 202301-07
https://notcve.org/view.php?id=CVE-2021-38370
10 Aug 2021 — In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS. En Alpine antes de la versión 2.25, las respuestas no etiquetadas de un servidor IMAP se aceptan antes de STARTTLS. Multiple vulnerabilities have been found in Alpine, the worst of which could result in denial of service. Versions less than 2.25 are affected. • https://alpine.x10host.com • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-14929
https://notcve.org/view.php?id=CVE-2020-14929
19 Jun 2020 — Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do. Alpine versiones anteriores a 2.23, silenciosamente procedió a usar una conexión no segura después de que un /tls se envía en determinadas circunstancias que involucran a PREAUTH, que es un comportamiento menos seguro que la alternativa de cerra... • http://mailman13.u.washington.edu/pipermail/alpine-info/2020-June/008989.html •