Displaying 20 results from an estimated 95 matches for "cvsses".
2024 Jan 23
1
SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) on Red Hat Enterprise Linux release 8.7 (Ootpa)
Hi,
I have the SSH Terrapin Prefix Truncation Weakness on Red Hat Enterprise
Linux release 8.7 (Ootpa). The details are as follows.
# rpm -qa | grep openssh
openssh-8.0p1-16.el8.x86_64
openssh-askpass-8.0p1-16.el8.x86_64
openssh-server-8.0p1-16.el8.x86_64
openssh-clients-8.0p1-16.el8.x86_64
# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.7 (Ootpa)
#
SSH Terrapin Prefix Truncation
2017 May 26
2
Severity of unpublished CVE-2017-2619 and CVE-2017-7494
Hi Team,
Please let me know the severity of CVE-2017-2619 and CVE-2017-7494.
Arjit Kumar
2017 May 26
2
Severity of unpublished CVE-2017-2619 and CVE-2017-7494
Thanks for the analysis of the second bug.
Please also share the CVSSv3 score for the first bug.
Arjit Kumar
On Fri, May 26, 2017 at 12:29 PM, Andrew Bartlett <abartlet at samba.org>
wrote:
> On Fri, 2017-05-26 at 11:36 +0530, Arjit Gupta via samba wrote:
> > Hi Team,
> >
> > Please let me know the severity of CVE-2017-2619 and CVE-2017-7494.
>
> They are not unpublished:
2024 Jan 23
1
SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) on Red Hat Enterprise Linux release 8.7 (Ootpa)
You might find Red Hat's CVE page on this useful:
https://access.redhat.com/security/cve/cve-2023-48795
On Tue, Jan 23, 2024 at 10:04 AM Kaushal Shriyan <kaushalshriyan at gmail.com>
wrote:
> Hi,
>
> I have the SSH Terrapin Prefix Truncation Weakness on Red Hat Enterprise
> Linux release 8.7 (Ootpa). The details are as follows.
>
> # rpm -qa | grep openssh
>
2020 May 18
0
Multiple vulnerabilities in Dovecot
Dear subscribers,
we are sending notifications for three vulnerabilities,
- CVE-2020-10957
- CVE-2020-10958
- CVE-2020-10967
Please find them below
---
Aki Tuomi
Open-Xchange Oy
------------------
Open-Xchange Security Advisory 2020-05-18
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-3784
Vulnerability type: NULL pointer dereference (CWE-476)
Vulnerable version:
2023 Oct 03
0
Heads-up: Upcoming Samba security releases
Hi,
this is a heads-up that there will be Samba security updates for 4.17,
4.18 and 4.19 on Tuesday October 10 2023. Please make sure that your
Samba servers will be updated soon after the release!
Impacted component:
- Fileserver (CVSS 6.5, Medium)
- DCE-RPCs and pipes (CVSS 6.8, Medium)
- AD DC (CVSS 7.5, High; CVSS 6.5, Medium, and CVSS 6.5, Medium)
Jule Anger
--
Jule Anger
2017 May 26
0
Severity of unpublished CVE-2017-2619 and CVE-2017-7494
On Fri, 2017-05-26 at 11:36 +0530, Arjit Gupta via samba wrote:
> Hi Team,
>
> Please let me know the severity of CVE-2017-2619 and CVE-2017-7494.
They are not unpublished:
https://www.samba.org/samba/security/CVE-2017-2619.html
https://www.samba.org/samba/security/CVE-2017-7494.html
For this second bug, I did some work on CVSS scores:
I've had a go at a CVSSv3 score for the
2016 Dec 02
6
CVE-2016-8562 in dovecot
We are sorry to report that we have a bug in dovecot, which merits a
CVE. See details below. If you haven't configured any auth_policy_*
settings you are ok. This is fixed with
https://git.dovecot.net/dovecot/core/commit/c3d3faa4f72a676e183f34be960cff13a5a725ae
and
https://git.dovecot.net/dovecot/core/commit/99abb1302ae693ccdfe0d57351fd42c67a8612fc
Important vulnerability in Dovecot
2020 Jun 25
1
Heads-up: Security Releases ahead!
Hi,
This is a heads-up that there will be Samba security updates on
Thursday, July 2 2020. Please make sure that your Samba
servers will be updated soon after the release!
Impacted components:
- AD DC (CVSS 7.5, Medium)
- File server (CVSS 7.5, Medium)
Andrew Bartlett
--
Andrew Bartlett https://samba.org/~abartlet/
Authentication Developer, Samba Team
2021 Jun 21
1
CVE-2021-33515: SMTP Submission service STARTTLS injection
Open-Xchange Security Advisory 2021-06-21
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-4583 (Bug ID)
Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection')
Vulnerable version: 2.3.0-2.3.14
Vulnerable component: submission
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.14.1
Vendor notification:
2021 Jan 04
2
CVE-2020-24386: IMAP hibernation allows accessing other peoples mail
Open-Xchange Security Advisory 2021-01-04
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOP-2009 (Bug ID)
Vulnerability type: CWE-150: Improper Neutralization of Escape, Meta, or
Control Sequences
Vulnerable version: 2.2.26-2.3.11.3
Vulnerable component: imap
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.13
Vendor notification: 2020-08-17
2019 Dec 13
1
CVE-2019-19722: Critical vulnerability in Dovecot
Open-Xchange Security Advisory 2019-12-13
Product: Dovecot IMAP/POP3 Server
Vendor: OX Software GmbH
Internal reference: DOV-3719
Vulnerability type: NULL Pointer Dereference (CWE-476)
Vulnerable version: 2.3.9
Vulnerable component: push notification driver
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.9.1
Researcher credits: Frederik Schwan, Michael
2022 Jul 06
1
CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used
Affected product: Dovecot IMAP Server
Internal reference: DOV-5320
Vulnerability type: Improper Access Control (CWE-284)
Vulnerable version: 2.2
Vulnerable component: submission
Report confidence: Confirmed
Solution status: Fixed in main
Researcher credits: Julian Brook (julezman)
Vendor notification: 2022-05-06
CVE reference: CVE-2022-30550
CVSS: 6.8