Alpine
by Alpine
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-14929 | Hig | 0.49 | 7.5 | 0.02 | Jun 19, 2020 | Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do. | ||
| CVE-2021-46853 | Med | 0.38 | 5.9 | 0.01 | Nov 3, 2022 | Alpine before 2.25 allows remote attackers to cause a denial of service (application crash) when LIST or LSUB is sent before STARTTLS. | ||
| CVE-2021-38370 | Med | 0.38 | 5.9 | 0.02 | Aug 10, 2021 | In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS. |
- risk 0.49cvss 7.5epss 0.02
Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do.
- risk 0.38cvss 5.9epss 0.01
Alpine before 2.25 allows remote attackers to cause a denial of service (application crash) when LIST or LSUB is sent before STARTTLS.
- risk 0.38cvss 5.9epss 0.02
In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS.