Fabian Ising

Name of the Vulnerable Software and Affected Versions: SamsungCapture versions prior to 4.8.02 Description: The issue is related to improper file management, which allows for the leak of sensitive information. Recommendations: For versions prior to 4.8.02, update to version 4.8.02 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Fetchmail versions prior to 6.4.22 **Description** The issue is related to Fetchmail's failure to enforce STARTTLS session encryption under certain circumstances, such as with IMAP and PREAUTH. **Recommendations** For versions prior to 6.4.22, update to version 6.4.22 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 15.2 iPadOS versions prior to 15.2 **Description** A S/MIME issue existed in the handling of encrypted email, allowing an attacker to potentially recover plaintext contents of an S/MIME-encrypted email. This issue was addressed by not automatically loading some MIME parts. **Recommendations** For iOS versions prior to 15.2, update to iOS 15.2 or later to resolve the issue. For iPadOS versions prior to 15.2, update to iPadOS 15.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Exim versions through 4.94.2 **Description** The issue is related to the STARTTLS feature in Exim, which allows response injection during MTA SMTP sending. This is due to insufficient neutralization of special elements in the request. The exploitation of this issue may allow a remote attacker to impact data integrity. **Recommendations** For Exim versions through 4.94.2, update to a version that contains a fix for this issue to prevent response injection during MTA SMTP sending. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 78.12 **Description** The issue is related to insufficient input validation in the Mozilla Thunderbird email client. It can be exploited by a remote attacker in a "man-in-the-middle" (MITM) scenario, allowing the execution of arbitrary code. Specifically, if Thunderbird is configured to use STARTTLS for an IMAP connection and an attacker injects IMAP server responses before the STARTTLS handshake is complete, Thunderbird may display incorrect information, such as non-existent folders on the IMAP server. **Recommendations** For versions prior to 78.12, update to version 78.12 or later to resolve the issue. As a temporary workaround, consider disabling the use of STARTTLS for IMAP connections until a patch is applied. Restrict access to IMAP servers to minimize the risk of exploitation. Avoid using IMAP connections that do not complete the STARTTLS handshake.

**Name of the Vulnerable Software and Affected Versions** Dovecot versions prior to 2.3.15 **Description** The issue is related to the submission service in Dovecot, which allows STARTTLS command injection in lib-smtp. This can lead to sensitive information being redirected to an attacker-controlled address. The vulnerability is also associated with incorrect neutralization of special elements in output used by the incoming component, potentially allowing a remote attacker to disclose user credentials. **Recommendations** For versions prior to 2.3.15, update to version 2.3.15 or later to resolve the issue. As a temporary workaround, consider restricting access to the submission service until a patch is applied. Avoid using the STARTTLS command in lib-smtp until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to Big Sur 11.4 Security Update versions prior to 2021-003 Catalina Security Update versions prior to 2021-004 Mojave **Description** An attacker in a privileged network position may be able to misrepresent application state due to a logic issue. This issue was addressed with improved state management. **Recommendations** For macOS versions prior to Big Sur 11.4, update to macOS Big Sur 11.4 or later. For Security Update versions prior to 2021-003 Catalina, apply Security Update 2021-003 Catalina or later. For Security Update versions prior to 2021-004 Mojave, apply Security Update 2021-004 Mojave or later.

**Name of the Vulnerable Software and Affected Versions** macOS Catalina versions prior to 10.15.7 Security Update 2020-005 High Sierra versions prior to the update Security Update 2020-005 Mojave versions prior to the update **Description** This issue was addressed with improved checks. A remote attacker may be able to unexpectedly alter application state. **Recommendations** For macOS Catalina versions prior to 10.15.7, update to version 10.15.7 to resolve the issue. For Security Update 2020-005 High Sierra, apply the Security Update 2020-005 to resolve the issue. For Security Update 2020-005 Mojave, apply the Security Update 2020-005 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: evolution-data-server versions through 3.36.3 Description: The issue is related to a STARTTLS buffering problem that impacts SMTP and POP3. When a server sends a "begin TLS" response, the software reads additional data and evaluates it in a TLS context, which can lead to "response injection." This could potentially allow a remote attacker to affect data integrity. Recommendations: For evolution-data-server versions through 3.36.3, update to a version that addresses the STARTTLS buffering issue to prevent potential response injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Mutt versions prior to 1.14.4 NeoMutt versions prior to 2020-06-19 Description: The issue is related to a STARTTLS buffering problem that affects IMAP, SMTP, and POP3 protocols. When a server sends a "begin TLS" response, the client reads additional data and evaluates it in a TLS context, which can lead to "response injection." This can potentially allow a remote attacker to gain unauthorized access to protected information. Recommendations: For Mutt versions prior to 1.14.4, update to version 1.14.4 or later. For NeoMutt versions prior to 2020-06-19, update to a version released after 2020-06-19. As a temporary workaround, consider restricting the use of STARTTLS to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: Mutt versions prior to 1.14.3 Description: The issue is related to insufficient data protection in the Mutt email client, allowing a remote attacker to perform a man-in-the-middle attack. Specifically, Mutt before version 1.14.3 is vulnerable to an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response. Recommendations: For versions prior to 1.14.3, update to version 1.14.3 or later to resolve the issue. As a temporary workaround, consider disabling the IMAP fcc/postpone feature until a patch is available. Restrict access to sensitive email accounts to minimize the risk of exploitation. Avoid using the PREAUTH response in IMAP connections until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15 **Description** An issue existed in the handling of links in encrypted PDFs, which could allow an attacker to exfiltrate the contents of an encrypted PDF. This issue was addressed by adding a confirmation prompt. **Recommendations** For versions prior to 10.15, update to macOS Catalina 10.15 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 52.9 **Description** The issue is related to the Secure/Multipurpose Internet Mail Extensions (S/MIME) function in the Thunderbird email client, which lacks protection for certain data. This can allow a remote attacker to gain unauthorized access to protected information when an email is forwarded or replied to. Specifically, decrypted S/MIME parts that are hidden using CSS or the plaintext HTML tag can leak plaintext when included in an HTML reply or forward. **Recommendations** For versions prior to 52.9, update to version 52.9 or later to resolve the issue. As a temporary workaround, consider avoiding the use of HTML replies or forwards for emails containing sensitive S/MIME-protected information until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 52.9 **Description** The issue is related to the decryption of S/MIME parts in HTML messages, which can lead to plaintext leakage when included in a reply or forward. This is due to a lack of protection for certain data in the S/MIME and PGP functions of the Thunderbird email client. An attacker can exploit this issue by manipulating HTML messages to gain unauthorized access to protected information. **Recommendations** For versions prior to 52.9, update to version 52.9 or later to resolve the issue. As a temporary workaround, consider avoiding the use of HTML replies or forwards for sensitive messages until the update is applied. Restrict access to sensitive information when using the affected Thunderbird versions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.4 macOS versions prior to 10.13.5 **Description** The issue involves the Security component and allows websites to track users by leveraging the transmission of S/MIME client certificates. **Recommendations** For iOS versions prior to 11.4, update to version 11.4 or later. For macOS versions prior to 10.13.5, update to version 10.13.5 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.4 macOS versions prior to 10.13.5 **Description** The issue involves the Mail component and allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration. **Recommendations** For iOS versions prior to 11.4, update to version 11.4 or later. For macOS versions prior to 10.13.5, update to version 10.13.5 or later.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 52.8 Thunderbird ESR versions prior to 52.8 **Description** The issue is related to information disclosure. It allows a remote attacker to gain unauthorized access to protected information through the `src` attribute of remote images or links. This could lead to the leakage of plaintext from decrypted emails. **Recommendations** For Thunderbird versions prior to 52.8, update to version 52.8 or later. For Thunderbird ESR versions prior to 52.8, update to version 52.8 or later. As a temporary workaround, consider restricting access to remote images or links in emails until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Thunderbird ESR versions prior to 52.8 Thunderbird versions prior to 52.8 **Description** The issue is related to the handling of encrypted emails in Thunderbird, where plaintext of decrypted emails can leak when a user submits an embedded form. This is due to a lack of encryption measures for protected data. Exploitation of this issue may allow a remote attacker to gain unauthorized access to protected information. **Recommendations** For Thunderbird ESR versions prior to 52.8, update to version 52.8 or later to resolve the issue. For Thunderbird versions prior to 52.8, update to version 52.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Thunderbird ESR versions prior to 52.8 Thunderbird versions prior to 52.8 **Description** The issue is related to the implementation of the S/MIME protocol in the Thunderbird email client, which is associated with insufficiently robust data encryption. This can lead to the disclosure of plaintext when using remote content in encrypted messages. Exploitation of the issue may allow a remote attacker to gain unauthorized access to protected information. **Recommendations** For Thunderbird ESR versions prior to 52.8, update to version 52.8 or later. For Thunderbird versions prior to 52.8, update to version 52.8 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.4 **Description** The issue involves the `Mail` component and allows man-in-the-middle attackers to read S/MIME encrypted message content. This is achieved by sending HTML e-mail that references remote resources but lacks a valid S/MIME signature. **Recommendations** For macOS versions prior to 10.13.4, update to version 10.13.4 or later to resolve the issue.