Getmail
Monthly
The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.
The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.
The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.
The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof POP3 servers and obtain. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.
The IMAP-over-SSL implementation in getmail 4.44.0 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.
The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof IMAP servers and obtain. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.