|Max CVSS||7.8||Min CVSS||2.6||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.
|17-10-2018 - 21:45||31-12-2006 - 05:00|
The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APO
|16-10-2018 - 16:39||16-04-2007 - 22:19|
socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted cert
|10-10-2018 - 19:41||07-08-2009 - 19:00|