Vulners
Lucene search
Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver.
| Reporter | Title | Published | Views | Family All 99 |
|---|---|---|---|---|
 | Security fix for the ALT Linux 9 package dovecot version 2.3.16-alt1 | 19 Aug 202100:00 | – | altlinux |
 | CVE-2021-29157 | 28 Jun 202111:58 | – | alpinelinux |
 | [ASA-202106-56] dovecot: information disclosure | 22 Jun 202100:00 | – | archlinux |
 | CVE-2021-29157 affecting package dovecot for versions less than 2.3.20-1 | 28 Sep 202311:57 | – | cbl_mariner |
 | CVE-2021-29157 | 28 Jun 202116:27 | – | circl |
 | Dovecot 路径遍历漏洞 | 21 Jun 202100:00 | – | cnnvd |
 | CVE-2021-29157 | 28 Jun 202111:58 | – | cve |
 | CVE-2021-29157 | 28 Jun 202111:58 | – | cvelist |
 | dovecot -- multiple vulnerabilities | 22 Mar 202100:00 | – | freebsd |
 | CVE-2021-29157 | 28 Jun 202111:58 | – | debiancve |
10
Node
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
19 Jan 2022 08:00Current
7High risk
Vulners AI Score7
CVSS 22.1
CVSS 3.15.5 - 7.5
EPSS0.00762