similar to: CVE-2020-7046: Truncated UTF-8 can be used to DoS submission-login and lmtp processes

Displaying 20 results from an estimated 6000 matches similar to: "CVE-2020-7046: Truncated UTF-8 can be used to DoS submission-login and lmtp processes"

2020 Feb 12
0
CVE-2020-7957: Specially crafted mail can crash snippet generation
Open-Xchange Security Advisory 2020-02-12 Affected product: Dovecot Core Internal reference: DOV-3743 (JIRA ID) Vulnerability type: Improper Input Validation (CWE-30) Vulnerable version: 2.3.9 Vulnerable component: lmtp, imap Fixed version: 2.3.9.3 Report confidence: Confirmed Solution status: Fixed Researcher credits: Open-Xchange oy Vendor notification: 2020-01-14 CVE reference: CVE-2020-7957
2020 Feb 12
0
CVE-2020-7957: Specially crafted mail can crash snippet generation
Open-Xchange Security Advisory 2020-02-12 Affected product: Dovecot Core Internal reference: DOV-3743 (JIRA ID) Vulnerability type: Improper Input Validation (CWE-30) Vulnerable version: 2.3.9 Vulnerable component: lmtp, imap Fixed version: 2.3.9.3 Report confidence: Confirmed Solution status: Fixed Researcher credits: Open-Xchange oy Vendor notification: 2020-01-14 CVE reference: CVE-2020-7957
2021 Jun 21
0
CVE-2021-29157: oauth2 JWT local validation path traversal
Open-Xchange Security Advisory 2021-06-21 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4476 (Bug ID) Vulnerability type: CWE-24: Path Traversal: '../filedir' Vulnerable version: 2.3.11-2.3.14 Vulnerable component: imap, pop3, submission, managesieve Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification: 2021-03-22
2021 Jun 21
0
CVE-2021-29157: oauth2 JWT local validation path traversal
Open-Xchange Security Advisory 2021-06-21 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4476 (Bug ID) Vulnerability type: CWE-24: Path Traversal: '../filedir' Vulnerable version: 2.3.11-2.3.14 Vulnerable component: imap, pop3, submission, managesieve Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification: 2021-03-22
2021 Jun 21
1
CVE-2021-33515: SMTP Submission service STARTTLS injection
Open-Xchange Security Advisory 2021-06-21 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4583 (Bug ID) Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection') Vulnerable version: 2.3.0-2.3.14 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification:
2021 Jun 21
1
CVE-2021-33515: SMTP Submission service STARTTLS injection
Open-Xchange Security Advisory 2021-06-21 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4583 (Bug ID) Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection') Vulnerable version: 2.3.0-2.3.14 Vulnerable component: submission Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.14.1 Vendor notification:
2019 Dec 13
1
CVE-2019-19722: Critical vulnerability in Dovecot
Open-Xchange Security Advisory 2019-12-13 ? Product: Dovecot IMAP/POP3 Server Vendor: OX Software GmbH ? Internal reference: DOV-3719 Vulnerability type: NULL Pointer Dereference (CWE-476) Vulnerable version: 2.3.9 Vulnerable component: push notification driver Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.9.1 Researcher credits: Frederik Schwan, Michael
2019 Dec 13
1
CVE-2019-19722: Critical vulnerability in Dovecot
Open-Xchange Security Advisory 2019-12-13 ? Product: Dovecot IMAP/POP3 Server Vendor: OX Software GmbH ? Internal reference: DOV-3719 Vulnerability type: NULL Pointer Dereference (CWE-476) Vulnerable version: 2.3.9 Vulnerable component: push notification driver Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.9.1 Researcher credits: Frederik Schwan, Michael
2019 Apr 18
0
CVE-2019-10691: JSON encoder in Dovecot 2.3 incorrecty assert-crashes when encountering invalid UTF-8 characters.
Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. You can find binary packages at https://repo.dovecot.org/ Yours sincerely, Aki Tuomi Open-Xchange Oy Open-Xchange Security Advisory 2019-04-18
2019 Apr 18
0
CVE-2019-10691: JSON encoder in Dovecot 2.3 incorrecty assert-crashes when encountering invalid UTF-8 characters.
Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (open-xchange, dovecot, powerdns) at HackerOne. You can find binary packages at https://repo.dovecot.org/ Yours sincerely, Aki Tuomi Open-Xchange Oy Open-Xchange Security Advisory 2019-04-18
2019 Apr 30
0
CVE-2019-11494: Submission-login crashes with signal 11 due to null pointer access when authentication is aborted by disconnecting.
Open-Xchange Security Advisory 2019-04-30 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-3212 (Bug ID) Vulnerability type: CWE-476 Vulnerable version: 2.3.0 - 2.3.5.2 Vulnerable component: submission-login Report confidence: Confirmed Researcher credits: Marcelo Coelho Solution status: Fixed by Vendor Fixed version: 2.3.6 Vendor notificatio: 2019-03-11 Solution date: 2019-04-23
2019 Apr 30
0
CVE-2019-11499: Submission-login crashes when authentication is started over TLS secured channel and invalid authentication message is sent
Open-Xchange Security Advisory 2019-04-30 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-3223 (Bug ID) Vulnerability type: CWE-617 Vulnerable version: 2.3.0 - 2.3.5.2 Vulnerable component: submission-login Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.6 Vendor notification: 2019-03-11 Solution date: 2019-04-23 Public disclosure: 2019-04-30 CVE
2019 Apr 30
0
CVE-2019-11494: Submission-login crashes with signal 11 due to null pointer access when authentication is aborted by disconnecting.
Open-Xchange Security Advisory 2019-04-30 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-3212 (Bug ID) Vulnerability type: CWE-476 Vulnerable version: 2.3.0 - 2.3.5.2 Vulnerable component: submission-login Report confidence: Confirmed Researcher credits: Marcelo Coelho Solution status: Fixed by Vendor Fixed version: 2.3.6 Vendor notificatio: 2019-03-11 Solution date: 2019-04-23
2019 Apr 30
0
CVE-2019-11499: Submission-login crashes when authentication is started over TLS secured channel and invalid authentication message is sent
Open-Xchange Security Advisory 2019-04-30 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-3223 (Bug ID) Vulnerability type: CWE-617 Vulnerable version: 2.3.0 - 2.3.5.2 Vulnerable component: submission-login Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.6 Vendor notification: 2019-03-11 Solution date: 2019-04-23 Public disclosure: 2019-04-30 CVE
2021 Jun 21
0
CVE-2020-28200: Sieve excessive resource usage
Open-Xchange Security Advisory 2021-06-21 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4159 (Bug ID) Vulnerability type: CWE-400 Vulnerable version: 1.2.0-2.3.14 Vulnerable component: lmtp, lda Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.15 Vendor notification: 2020-09-23 Solution date: 2020-12-07 Public disclosure: 2021-06-21 CVE
2021 Jun 21
0
CVE-2020-28200: Sieve excessive resource usage
Open-Xchange Security Advisory 2021-06-21 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4159 (Bug ID) Vulnerability type: CWE-400 Vulnerable version: 1.2.0-2.3.14 Vulnerable component: lmtp, lda Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.15 Vendor notification: 2020-09-23 Solution date: 2020-12-07 Public disclosure: 2021-06-21 CVE
2021 Jan 04
0
CVE-2020-25275: MIME parsing crashes with particular messages
Open-Xchange Security Advisory 2021-01-04 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4113 (Bug ID) Vulnerability type: CWE-20: Improper Input Validation Vulnerable version: 2.3.11-2.3.11.3 Vulnerable component: lda, lmtp, imap Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.13 Vendor notification: 2020-09-10 Solution date: 2020-09-14 Public
2021 Jan 04
0
CVE-2020-25275: MIME parsing crashes with particular messages
Open-Xchange Security Advisory 2021-01-04 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-4113 (Bug ID) Vulnerability type: CWE-20: Improper Input Validation Vulnerable version: 2.3.11-2.3.11.3 Vulnerable component: lda, lmtp, imap Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 2.3.13 Vendor notification: 2020-09-10 Solution date: 2020-09-14 Public
2020 May 18
0
Multiple vulnerabilities in Dovecot
Dear subscribers, we are sending notifications for three vulnerabilities, - CVE-2020-10957 - CVE-2020-10958 - CVE-2020-10967 Please find them below --- Aki Tuomi Open-Xchange Oy ------------------ Open-Xchange Security Advisory 2020-05-18 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-3784 Vulnerability type: NULL pointer dereference (CWE-476) Vulnerable version:
2020 May 18
0
Multiple vulnerabilities in Dovecot
Dear subscribers, we are sending notifications for three vulnerabilities, - CVE-2020-10957 - CVE-2020-10958 - CVE-2020-10967 Please find them below --- Aki Tuomi Open-Xchange Oy ------------------ Open-Xchange Security Advisory 2020-05-18 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-3784 Vulnerability type: NULL pointer dereference (CWE-476) Vulnerable version: