Displaying 20 results from an estimated 1000 matches similar to: "CVE-2019-11500:"
2019 Aug 28
7
CVE-2019-11500: Critical vulnerability in Dovecot and Pigeonhole
Dear subscribers, we have been made aware of a critical vulnerability in
Dovecot and Pigeonhole.
---
Open-Xchange Security Advisory 2019-08-14
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-3278
Vulnerability type: Improper input validation (CWE-20)
Vulnerable version: All versions prior to 2.3.7.2 and 2.2.36.4
Vulnerable component: IMAP and ManageSieve protocol parsers
2019 Sep 03
0
CVE-2019-11500: Critical vulnerability in Dovecot and Pigeonhole
On 2019.08.28. 15:10, Aki Tuomi via dovecot wrote:
>
> Steps to reproduce:
>
> This bug is best observed using valgrind to see the out of bounds read
> with the following snippet:
>
> perl -e 'print "a id (\"foo\" \"".("x"x1021)."\\A\" \"bar\"
> \"\000".("x"x1020)."\\A\")\n"' |
2019 Apr 30
0
CVE-2019-11494: Submission-login crashes with signal 11 due to null pointer access when authentication is aborted by disconnecting.
Open-Xchange Security Advisory 2019-04-30
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-3212 (Bug ID)
Vulnerability type: CWE-476
Vulnerable version: 2.3.0 - 2.3.5.2
Vulnerable component: submission-login
Report confidence: Confirmed
Researcher credits: Marcelo Coelho
Solution status: Fixed by Vendor
Fixed version: 2.3.6
Vendor notification: 2019-03-11
Solution date: 2019-04-23
2019 Apr 30
0
CVE-2019-11499: Submission-login crashes when authentication is started over TLS secured channel and invalid authentication message is sent
Open-Xchange Security Advisory 2019-04-30
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-3223 (Bug ID)
Vulnerability type: CWE-617
Vulnerable version: 2.3.0 - 2.3.5.2
Vulnerable component: submission-login
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.6
Vendor notification: 2019-03-11
Solution date: 2019-04-23
Public disclosure: 2019-04-30
CVE
2019 Aug 28
0
Dovecot release v2.2.36.4
Hi!
We are pleased to release Dovecot release v2.2.36.4
Tarball is available at
https://dovecot.org/releases/2.2/dovecot-2.2.36.4.tar.gz
https://dovecot.org/releases/2.2/dovecot-2.2.36.4.tar.gz.sig
Binary packages are available at https://repo.dovecot.org/
Changes
-------
* CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
  when scanning data in quoted strings, leading
2019 Sep 09
1
CVE-2019-11500 and LMTP error
Hi all,
does the dovecot fixed version: 2.3.7.2, 2.2.36.4 (as the CVE-2019-11500
says) fix the LMTP error "Got unexpected reply" as well?
The LMTP error "Got unexpected reply" is described here:
https://dovecot.org/pipermail/dovecot/2018-August/112562.html
https://dovecot.org/pipermail/dovecot/2018-August/112666.html
Thanks in advance
Regards,
--
Gabriele Nencioni
2019 Aug 28
0
Dovecot release v2.3.7.2
Hi!
We are pleased to release Dovecot release v2.3.7.2
Tarball is available at
https://dovecot.org/releases/2.3/dovecot-2.3.7.2.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.7.2.tar.gz.sig
Binary packages are available at https://repo.dovecot.org/
Changes
-------
* CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte
  when scanning data in quoted strings, leading to
2019 Aug 28
0
Pigeonhole release v0.5.7.2
Hi!
We are pleased to release Pigeonhole release v0.5.7.2
Tarball is available at
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.2.tar.gz
https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-0.5.7.2.tar.gz.sig
Binary packages are available at https://repo.dovecot.org/
Changes
-------
* CVE-2019-11500: ManageSieve protocol parser does not properly handle
2019 Aug 28
2
Pigeonhole release v0.4.24.2
Hi!
We are pleased to release Pigeonhole release v0.4.24.2
Tarball is available at
https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.tar.gz
https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.24.2.tar.gz.sig
Changes
-------
* CVE-2019-11500: ManageSieve protocol parser does not properly handle
NUL byte
  when scanning data in quoted strings, leading
2019 Aug 28
0
CVE-2019-11500: Critical vulnerability in Dovecot and Pigeonhole
Hello,
On 2019-08-28 14:10, Aki Tuomi via dovecot wrote:
> Dear subscribers, we have been made aware of a critical vulnerability in
> Dovecot and Pigeonhole.
Has this already been fixed in 2.2.36.4? Changelog does not mention it.
Regards
Christoph
2021 Jun 21
1
CVE-2021-33515: SMTP Submission service STARTTLS injection
Open-Xchange Security Advisory 2021-06-21
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-4583 (Bug ID)
Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection')
Vulnerable version: 2.3.0-2.3.14
Vulnerable component: submission
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.14.1
Vendor notification:
2021 Jan 04
2
CVE-2020-24386: IMAP hibernation allows accessing other people's mail
Open-Xchange Security Advisory 2021-01-04
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOP-2009 (Bug ID)
Vulnerability type: CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences
Vulnerable version: 2.2.26-2.3.11.3
Vulnerable component: imap
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.13
Vendor notification: 2020-08-17
2019 Dec 13
1
CVE-2019-19722: Critical vulnerability in Dovecot
Open-Xchange Security Advisory 2019-12-13
Product: Dovecot IMAP/POP3 Server
Vendor: OX Software GmbH
Internal reference: DOV-3719
Vulnerability type: NULL Pointer Dereference (CWE-476)
Vulnerable version: 2.3.9
Vulnerable component: push notification driver
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.9.1
Researcher credits: Frederik Schwan, Michael