Displaying 20 results from an estimated 3000 matches similar to: "CVE-2020-24386: IMAP hibernation allows accessing other peoples mail"
2021 Jun 21
1
CVE-2021-33515: SMTP Submission service STARTTLS injection
Open-Xchange Security Advisory 2021-06-21
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-4583 (Bug ID)
Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection')
Vulnerable version: 2.3.0-2.3.14
Vulnerable component: submission
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.14.1
Vendor notification:
2021 Jun 21
1
CVE-2021-33515: SMTP Submission service STARTTLS injection
Open-Xchange Security Advisory 2021-06-21
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-4583 (Bug ID)
Vulnerability type: CWE-74: Failure to Sanitize Data into a Different Plane ('Injection')
Vulnerable version: 2.3.0-2.3.14
Vulnerable component: submission
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.14.1
Vendor notification:
2021 Jan 04
0
CVE-2020-25275: MIME parsing crashes with particular messages
Open-Xchange Security Advisory 2021-01-04
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-4113 (Bug ID)
Vulnerability type: CWE-20: Improper Input Validation
Vulnerable version: 2.3.11-2.3.11.3
Vulnerable component: lda, lmtp, imap
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.13
Vendor notification: 2020-09-10
Solution date: 2020-09-14
Public
2021 Jan 04
0
CVE-2020-25275: MIME parsing crashes with particular messages
Open-Xchange Security Advisory 2021-01-04
Product: Dovecot
Vendor: OX Software GmbH
Internal reference: DOV-4113 (Bug ID)
Vulnerability type: CWE-20: Improper Input Validation
Vulnerable version: 2.3.11-2.3.11.3
Vulnerable component: lda, lmtp, imap
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.13
Vendor notification: 2020-09-10
Solution date: 2020-09-14
Public
2019 Dec 13
1
CVE-2019-19722: Critical vulnerability in Dovecot
Open-Xchange Security Advisory 2019-12-13
?
Product: Dovecot IMAP/POP3 Server
Vendor: OX Software GmbH
?
Internal reference: DOV-3719
Vulnerability type: NULL Pointer Dereference (CWE-476)
Vulnerable version: 2.3.9
Vulnerable component: push notification driver
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.9.1
Researcher credits: Frederik Schwan, Michael
2019 Dec 13
1
CVE-2019-19722: Critical vulnerability in Dovecot
Open-Xchange Security Advisory 2019-12-13
?
Product: Dovecot IMAP/POP3 Server
Vendor: OX Software GmbH
?
Internal reference: DOV-3719
Vulnerability type: NULL Pointer Dereference (CWE-476)
Vulnerable version: 2.3.9
Vulnerable component: push notification driver
Report confidence: Confirmed
Solution status: Fixed by Vendor
Fixed version: 2.3.9.1
Researcher credits: Frederik Schwan, Michael
2022 Jul 06
1
CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used
Affected product: Dovecot IMAP Server
Internal reference: DOV-5320
Vulnerability type: Improper Access Control (CWE-284)
Vulnerable version: 2.2
Vulnerable component: submission
Report confidence: Confirmed
Solution status: Fixed in main
Researcher credits: Julian Brook (julezman)
Vendor notification: 2022-05-06
CVE reference: CVE-2022-30550
CVSS: 6.8
2022 Jul 06
1
CVE-2022-30550: Privilege escalation possible in dovecot when similar master and non-master passdbs are used
Affected product: Dovecot IMAP Server
Internal reference: DOV-5320
Vulnerability type: Improper Access Control (CWE-284)
Vulnerable version: 2.2
Vulnerable component: submission
Report confidence: Confirmed
Solution status: Fixed in main
Researcher credits: Julian Brook (julezman)
Vendor notification: 2022-05-06
CVE reference: CVE-2022-30550
CVSS: 6.8
2021 Jan 04
4
Dovecot v2.3.13 released
We are pleased to release v2.3.13. Please find it from locations below:
https://dovecot.org/releases/2.3/dovecot-2.3.13.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.13.tar.gz.sig
Binary packages in https://repo.dovecot.org/
Docker images in https://hub.docker.com/r/dovecot/dovecot
Aki Tuomi
Open-Xchange oy
---
* CVE-2020-24386: Specially crafted command can cause IMAP hibernate to
2021 Jan 04
4
Dovecot v2.3.13 released
We are pleased to release v2.3.13. Please find it from locations below:
https://dovecot.org/releases/2.3/dovecot-2.3.13.tar.gz
https://dovecot.org/releases/2.3/dovecot-2.3.13.tar.gz.sig
Binary packages in https://repo.dovecot.org/
Docker images in https://hub.docker.com/r/dovecot/dovecot
Aki Tuomi
Open-Xchange oy
---
* CVE-2020-24386: Specially crafted command can cause IMAP hibernate to
2024 Jan 23
1
SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) on Red Hat Enterprise Linux release 8.7 (Ootpa)
Hi,
I have the SSH Terrapin Prefix Truncation Weakness on Red Hat Enterprise
Linux release 8.7 (Ootpa). The details are as follows.
# rpm -qa | grep openssh
openssh-8.0p1-16.el8.x86_64
openssh-askpass-8.0p1-16.el8.x86_64
openssh-server-8.0p1-16.el8.x86_64
openssh-clients-8.0p1-16.el8.x86_64
# cat /etc/redhat-release
Red Hat Enterprise Linux release 8.7 (Ootpa)
#
SSH Terrapin Prefix Truncation
2015 Oct 18
3
Hibernation disabled when mailbox selected
After setting imap_hibernate_timeout to 60s, I could not find any
hibernated connections after a few hours. I tested hibernation and made
an observation: IDLE'd imap sessions only hibernate if they don't have
a mailbox SELECT'd, otherwise they never hibernate.
Is this the way it's supposed to work?
Joseph Tam <jtam.home at gmail.com>
2020 Aug 12
0
CVE-2020-12100: Receiving mail with deeply nested MIME parts leads to resource exhaustion.
Open-Xchange Security Advisory 2020-08-12
Affected product: Dovecot IMAP server
Internal reference: DOP-1849 (Bug ID)
Vulnerability type: Uncontrolled recursion (CWE-674)
Vulnerable version: 2.0
Vulnerable component: submission, lmtp, lda
Fixed version: 2.3.11.3
Report confidence: Confirmed
Solution status: Fix available
Vendor notification: 2020-04-23
CVE reference: CVE-2020-12100
CVSS: 7.5
2020 Aug 12
0
CVE-2020-12673: Specially crafted NTML package can crash auth service
Open-Xchange Security Advisory 2020-08-12
Affected product: Dovecot IMAP server
Internal reference: DOP-1870 (Bug ID)
Vulnerability type: CWE-789 (Uncontrolled Memory Allocation)
Vulnerable version: 2.2
Vulnerable component: auth
Fixed version: 2.3.11.3
Report confidence: Confirmed
Solution status: Fix available
Vendor notification: 2020-05-03
CVE reference: CVE-2020-12673
CVSS: 7.5
2020 Aug 12
0
CVE-2020-12674: Specially crafted RPA authentication message crashes auth
Open-Xchange Security Advisory 2020-08-12
Affected product: Dovecot IMAP server
Internal reference: DOP-1869 (Bug ID)
Vulnerability type: CWE-126 (Buffer over-read)
Vulnerable version: 2.2
Vulnerable component: auth
Fixed version: 2.3.11.3
Report confidence: Confirmed
Solution status: Fix available
Vendor notification: 2020-05-03
Researcher credit: Orange from DEVCORE team
CVE reference:
2020 Aug 12
0
CVE-2020-12100: Receiving mail with deeply nested MIME parts leads to resource exhaustion.
Open-Xchange Security Advisory 2020-08-12
Affected product: Dovecot IMAP server
Internal reference: DOP-1849 (Bug ID)
Vulnerability type: Uncontrolled recursion (CWE-674)
Vulnerable version: 2.0
Vulnerable component: submission, lmtp, lda
Fixed version: 2.3.11.3
Report confidence: Confirmed
Solution status: Fix available
Vendor notification: 2020-04-23
CVE reference: CVE-2020-12100
CVSS: 7.5
2020 Aug 12
0
CVE-2020-12673: Specially crafted NTML package can crash auth service
Open-Xchange Security Advisory 2020-08-12
Affected product: Dovecot IMAP server
Internal reference: DOP-1870 (Bug ID)
Vulnerability type: CWE-789 (Uncontrolled Memory Allocation)
Vulnerable version: 2.2
Vulnerable component: auth
Fixed version: 2.3.11.3
Report confidence: Confirmed
Solution status: Fix available
Vendor notification: 2020-05-03
CVE reference: CVE-2020-12673
CVSS: 7.5
2020 Aug 12
0
CVE-2020-12674: Specially crafted RPA authentication message crashes auth
Open-Xchange Security Advisory 2020-08-12
Affected product: Dovecot IMAP server
Internal reference: DOP-1869 (Bug ID)
Vulnerability type: CWE-126 (Buffer over-read)
Vulnerable version: 2.2
Vulnerable component: auth
Fixed version: 2.3.11.3
Report confidence: Confirmed
Solution status: Fix available
Vendor notification: 2020-05-03
Researcher credit: Orange from DEVCORE team
CVE reference:
2024 Jan 23
1
SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795) on Red Hat Enterprise Linux release 8.7 (Ootpa)
You might find RedHat's CVE page on this useful:
https://access.redhat.com/security/cve/cve-2023-48795
On Tue, Jan 23, 2024 at 10:04?AM Kaushal Shriyan <kaushalshriyan at gmail.com>
wrote:
> Hi,
>
> I have the SSH Terrapin Prefix Truncation Weakness on Red Hat Enterprise
> Linux release 8.7 (Ootpa). The details are as follows.
>
> # rpm -qa | grep openssh
>
2017 May 26
2
Severity of unpublished CVE-2017-2619 and CVE-2017-7494
Thanks for the analysis of second bug.
Please also share CVSSv3 score for first bug.
Arjit Kumar
On Fri, May 26, 2017 at 12:29 PM, Andrew Bartlett <abartlet at samba.org>
wrote:
> On Fri, 2017-05-26 at 11:36 +0530, Arjit Gupta via samba wrote:
> > Hi Team,
> >
> > Please let me know the severity of CVE-2017-2619 and CVE-2017-7494.
>
> They are not unpublished: