Displaying 20 results from an estimated 4000 matches similar to: "CVE-2019-11494: Submission-login crashes with signal 11 due to null pointer access when authentication is aborted by disconnecting."
2019 Apr 30
0
CVE-2019-11499: Submission-login crashes when authentication is started over TLS secured channel and invalid authentication message is sent
Open-Xchange Security Advisory 2019-04-30
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-3223 (Bug ID)
Vulnerability type: CWE-617
Vulnerable version: 2.3.0 - 2.3.5.2
Vulnerable component: submission-login
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.6
Vendor notification: 2019-03-11
Solution date: 2019-04-23
Public disclosure: 2019-04-30
CVE
2019 Apr 30
0
CVE-2019-11499: Submission-login crashes when authentication is started over TLS secured channel and invalid authentication message is sent
Open-Xchange Security Advisory 2019-04-30
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-3223 (Bug ID)
Vulnerability type: CWE-617
Vulnerable version: 2.3.0 - 2.3.5.2
Vulnerable component: submission-login
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.6
Vendor notification: 2019-03-11
Solution date: 2019-04-23
Public disclosure: 2019-04-30
CVE
2019 Aug 28
0
CVE-2019-11500:
Dear subscribers, we have been made aware of critical vulnerability in
Dovecot and Pigeonhole.
---
Open-Xchange Security Advisory 2019-08-14
?
Product: Dovecot
Vendor: OX Software GmbH
?
Internal reference: DOV-3278
Vulnerability type: Improper input validation (CWE-20)
Vulnerable version: All versions prior to 2.3.7.2 and 2.2.36.4
Vulnerable component: IMAP and ManageSieve protocol parsers
2019 Apr 18
0
CVE-2019-10691: JSON encoder in Dovecot 2.3 incorrecty assert-crashes when encountering invalid UTF-8 characters.
Dear subscribers,
we're sharing our latest advisory with you and would like to thank
everyone who contributed in finding and solving those vulnerabilities.
Feel free to join our bug bounty programs (open-xchange, dovecot,
powerdns) at HackerOne.
You can find binary packages at https://repo.dovecot.org/
Yours sincerely,
Aki Tuomi
Open-Xchange Oy
Open-Xchange Security Advisory 2019-04-18
2019 Apr 18
0
CVE-2019-10691: JSON encoder in Dovecot 2.3 incorrecty assert-crashes when encountering invalid UTF-8 characters.
Dear subscribers,
we're sharing our latest advisory with you and would like to thank
everyone who contributed in finding and solving those vulnerabilities.
Feel free to join our bug bounty programs (open-xchange, dovecot,
powerdns) at HackerOne.
You can find binary packages at https://repo.dovecot.org/
Yours sincerely,
Aki Tuomi
Open-Xchange Oy
Open-Xchange Security Advisory 2019-04-18
2021 Jun 21
1
CVE-2021-33515: SMTP Submission service STARTTLS injection
Open-Xchange Security Advisory 2021-06-21
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-4583 (Bug ID)
Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection')
Vulnerable version: 2.3.0-2.3.14
Vulnerable component: submission
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.14.1
Vendor notification:
2021 Jun 21
1
CVE-2021-33515: SMTP Submission service STARTTLS injection
Open-Xchange Security Advisory 2021-06-21
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-4583 (Bug ID)
Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection')
Vulnerable version: 2.3.0-2.3.14
Vulnerable component: submission
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.14.1
Vendor notification:
2019 Aug 28
7
CVE-2019-11500: Critical vulnerability in Dovecot and Pigeonhole
Dear subscribers, we have been made aware of critical vulnerability in
Dovecot and Pigeonhole.
---
Open-Xchange Security Advisory 2019-08-14
?
Product: Dovecot
Vendor: OX Software GmbH
?
Internal reference: DOV-3278
Vulnerability type: Improper input validation (CWE-20)
Vulnerable version: All versions prior to 2.3.7.2 and 2.2.36.4
Vulnerable component: IMAP and ManageSieve protocol parsers
2020 Feb 12
0
CVE-2020-7046: Truncated UTF-8 can be used to DoS submission-login and lmtp processes
Open-Xchange Security Advisory 2020-02-12
Affected product: Dovecot Core
Internal reference: DOV-3744 (JIRA ID)
Vulnerability type: Improper Input Validation (CWE-30)
Vulnerable version: 2.3.9
Vulnerable component: submission-login, lmtp
Fixed version: 2.3.9.3
Report confidence: Confirmed
Solution status: Fixed
Researcher credits: Open-Xchange oy
Vendor notification: 2020-01-14
CVE reference:
2020 Feb 12
0
CVE-2020-7046: Truncated UTF-8 can be used to DoS submission-login and lmtp processes
Open-Xchange Security Advisory 2020-02-12
Affected product: Dovecot Core
Internal reference: DOV-3744 (JIRA ID)
Vulnerability type: Improper Input Validation (CWE-30)
Vulnerable version: 2.3.9
Vulnerable component: submission-login, lmtp
Fixed version: 2.3.9.3
Report confidence: Confirmed
Solution status: Fixed
Researcher credits: Open-Xchange oy
Vendor notification: 2020-01-14
CVE reference:
2019 Dec 13
1
CVE-2019-19722: Critical vulnerability in Dovecot
Open-Xchange Security Advisory 2019-12-13
?
Product: Dovecot IMAP/POP3 Server
Vendor: OX Software GmbH
?
Internal reference: DOV-3719
Vulnerability type: NULL Pointer Dereference (CWE-476)
Vulnerable version: 2.3.9
Vulnerable component: push notification driver
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.9.1
Researcher credits: Frederik Schwan, Michael
2019 Dec 13
1
CVE-2019-19722: Critical vulnerability in Dovecot
Open-Xchange Security Advisory 2019-12-13
?
Product: Dovecot IMAP/POP3 Server
Vendor: OX Software GmbH
?
Internal reference: DOV-3719
Vulnerability type: NULL Pointer Dereference (CWE-476)
Vulnerable version: 2.3.9
Vulnerable component: push notification driver
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.9.1
Researcher credits: Frederik Schwan, Michael
2022 Jul 06
1
CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used
Affected product: Dovecot IMAP Server
Internal reference: DOV-5320
Vulnerability type: Improper Access Control (CWE-284)
Vulnerable version: 2.2
Vulnerable component: submission
Report confidence: Confirmed
Solution status: Fixed in main
Researcher credits: Julian Brook (julezman)
Vendor notification: 2022-05-06
CVE reference: CVE-2022-30550
CVSS: 6.8
2022 Jul 06
1
CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used
Affected product: Dovecot IMAP Server
Internal reference: DOV-5320
Vulnerability type: Improper Access Control (CWE-284)
Vulnerable version: 2.2
Vulnerable component: submission
Report confidence: Confirmed
Solution status: Fixed in main
Researcher credits: Julian Brook (julezman)
Vendor notification: 2022-05-06
CVE reference: CVE-2022-30550
CVSS: 6.8
2020 May 18
0
Multiple vulnerabilities in Dovecot
Dear subscribers,
we are sending notifications for three vulnerabilities,
- CVE-2020-10957
- CVE-2020-10958
- CVE-2020-10967
Please find them below
---
Aki Tuomi
Open-Xchange Oy
------------------
Open-Xchange Security Advisory 2020-05-18
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-3784
Vulnerability type: NULL pointer dereference (CWE-476)
Vulnerable version:
2020 May 18
0
Multiple vulnerabilities in Dovecot
Dear subscribers,
we are sending notifications for three vulnerabilities,
- CVE-2020-10957
- CVE-2020-10958
- CVE-2020-10967
Please find them below
---
Aki Tuomi
Open-Xchange Oy
------------------
Open-Xchange Security Advisory 2020-05-18
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-3784
Vulnerability type: NULL pointer dereference (CWE-476)
Vulnerable version:
2020 Feb 12
0
CVE-2020-7957: Specially crafted mail can crash snippet generation
Open-Xchange Security Advisory 2020-02-12
Affected product: Dovecot Core
Internal reference: DOV-3743 (JIRA ID)
Vulnerability type: Improper Input Validation (CWE-30)
Vulnerable version: 2.3.9
Vulnerable component: lmtp, imap
Fixed version: 2.3.9.3
Report confidence: Confirmed
Solution status: Fixed
Researcher credits: Open-Xchange oy
Vendor notification: 2020-01-14
CVE reference: CVE-2020-7957
2020 Feb 12
0
CVE-2020-7957: Specially crafted mail can crash snippet generation
Open-Xchange Security Advisory 2020-02-12
Affected product: Dovecot Core
Internal reference: DOV-3743 (JIRA ID)
Vulnerability type: Improper Input Validation (CWE-30)
Vulnerable version: 2.3.9
Vulnerable component: lmtp, imap
Fixed version: 2.3.9.3
Report confidence: Confirmed
Solution status: Fixed
Researcher credits: Open-Xchange oy
Vendor notification: 2020-01-14
CVE reference: CVE-2020-7957
2021 Jun 21
0
CVE-2020-28200: Sieve excessive resource usage
Open-Xchange Security Advisory 2021-06-21
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-4159 (Bug ID)
Vulnerability type: CWE-400
Vulnerable version: 1.2.0-2.3.14
Vulnerable component: lmtp, lda
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.15
Vendor notification: 2020-09-23
Solution date: 2020-12-07
Public disclosure: 2021-06-21
CVE
2021 Jun 21
0
CVE-2020-28200: Sieve excessive resource usage
Open-Xchange Security Advisory 2021-06-21
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-4159 (Bug ID)
Vulnerability type: CWE-400
Vulnerable version: 1.2.0-2.3.14
Vulnerable component: lmtp, lda
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.15
Vendor notification: 2020-09-23
Solution date: 2020-12-07
Public disclosure: 2021-06-21
CVE