9 matches found
CVE-2026-48885
Unauthenticated Cross Site Scripting XSS in HollerBox = 2.3.10.1 versions...
EUVD-2026-36859
Unauthenticated Cross Site Scripting XSS in HollerBox = 2.3.10.1 versions...
Security fix for the ALT Linux 9 package dovecot version 2.3.10.1-alt1
2.3.10.1-alt1 built May 21, 2020 Gleb Fotengauer-Malinovskiy in task 252013 May 20, 2020 Gleb Fotengauer-Malinovskiy - Updated to 2.3.10.1 fixes CVE-2020-10957, CVE-2020-10958, CVE-2020-10967...
Open-Xchange Dovecot 2.3.10 Null Pointer Dereference / Denial Of Service
------------------ Open-Xchange Security Advisory 2020-05-18 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-3784 Vulnerability type: NULL pointer dereference CWE-476 Vulnerable version: 2.3.0 - 2.3.10 Vulnerable component: submission, lmtp Report confidence: Confirmed Solution...
ALPINE-CVE-2020-10967
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart...
ALPINE-CVE-2020-10958
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command...
PT-2020-12455 · Dovecot +7 · Dovecot +7
Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 2.3.10.1 Description: The issue allows remote unauthenticated attackers to crash the lmtp or submission process by sending mail with an empty localpart. Recommendations: For versions prior to 2.3.10.1, update to...
PT-2020-12448 · Dovecot +6 · Dovecot +6
Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 2.3.10.1 Description: The issue arises from sending malformed parameters to a NOOP command, which causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp. This can be triggered without...
Cross site scripting
ZmartZone IAM modauthopenidc 2.3.10.1 and earlier is affected by: Cross Site Scripting XSS. The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File: src/modauthopenidc.c, Line: 3109. The fixed version is: 2.3.10.2...