BELL-CVE-2026-23185 CVE-2026-23185 does not affect BellSoft software
Bulletin has no description...
CVE-2026-23185
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mld: cancel mlo_scan_start_wk. mlo_scan_start_wk is not canceled on disconnection. In fact, it is not canceled anywhere except in the restart cleanup, where we don't really have to. This can cause an init-after-queue issu...
CLSA-2025-1753987188 dovecot: Fix of CVE-2024-23185
CVE-2024-23185: fix resource exhaustion caused by very large headers when parsing messages...
TencentOS Server 3: dovecot (TSSA-2024:0516)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0516 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2025-23185
Vulnerability summary: SAP Business Objects Business Intelligence Platform exposes internal technical details due to improper error handling. What is affected: SAP Business Objects BI Platform (information disclosure vulnerability). Root cause: Exceptions and stack traces reveal application inter...
CVE-2025-23185 Information Disclosure in SAP Business Objects Business Intelligence Platform
Due to improper error handling in SAP Business Objects Business Intelligence Platform, technical details of the application are revealed in exceptions thrown to the user and in stack traces. Only an attacker with administrator level privileges has access to this disclosed information, and they...
Medium: dovecot
Issue Overview: Dovecot reports: A DoS is possible with a large number of address headers or abnormally large email headers. CVE-2024-23185. Affected Packages: dovecot. Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Cor...
Medium: dovecot
Issue Overview: Dovecot reports: A DoS is possible with a large number of address headers or abnormally large email headers. CVE-2024-23184 Dovecot reports: A DoS is possible with a large number of address headers or abnormally large email headers. CVE-2024-23185 Affected Packages: dovecot Issue...
Amazon Linux 2023 : dovecot, dovecot-devel, dovecot-mysql (ALAS2023-2024-785)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-785 advisory. Dovecot reports: A DoS is possible with a large number of address headers or abnormally large email headers. CVE-2024-23184 Dovecot reports: A DoS is possible with a large number of address...
dovecot security update
An update is available for dovecot. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Dovecot is an IMAP server for Linux and other UNIX-like systems, written...
AlmaLinux 8 : dovecot (ALSA-2024:6973)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:6973 advisory. dovecot: using a large number of address headers may trigger a denial of service CVE-2024-23184 dovecot: very large headers can cause resource exhaustion...
Moderate: Red Hat Security Advisory: dovecot security update
An update for dovecot is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...
RHEL 8 : dovecot (RHSA-2024:6973)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:6973 advisory. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3...
Oracle Linux 8 : dovecot (ELSA-2024-6973)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-6973 advisory. - fix CVE-2024-23185: very large headers can cause resource exhaustion when parsing message (RHEL-55219). Tenable has extracted the preceding description...
dovecot security update
1:2.3.16-6 - fix CVE-2024-23185: very large headers can cause resource exhaustion when parsing message (RHEL-55219) - fix CVE-2024-23184: using a large number of address headers may trigger a denial of service (RHEL-55206)...
ALSA-2024:6973 Moderate: dovecot security update
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fixes: doveco...
Moderate: dovecot security update
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fixes: doveco...
CVE-2024-23972
Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. Th...
CVE-2024-23972 Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability
Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. Th...
CVE-2024-23972
Summary: CVE-2024-23972 affects Sony XAV-AX5500. The issue is a buffer overflow in the USB host driver triggered by a crafted USB configuration descriptor, enabling remote code execution in the device process when a USB device is connected by a physically present attacker. The vulnerability can be explo...