CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

22 matches found

OSV•added 2026/04/28 11:53 a.m.•7 views

SUSE-SU-2026:1641-1 Security update for dovecot22

This update for dovecot22 fixes the following issues: - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. - CVE-2025-59032: pigeonhole: ManageSieve panic occurs with sieve-connect as a client bsc1260902. - CVE-2026-27855: OTP...

7.5CVSS5.4AI score0.00068EPSS

Exploits5References15

Packet Storm•added 2026/04/22 12:0 a.m.•59 views

📄 Dovecot doveadm Timing Attack / Credential Extraction

This Metasploit auxiliary module performs a timing-based side-channel attack against the Dovecot doveadm HTTP interface to extract credentials character by character. ==================================================================================================================================...

7.4CVSS5.8AI score0.00029EPSS

Exploits1

OSV•added 2026/04/16 1:15 p.m.•2 views

SUSE-SU-2026:21208-1 Security update for dovecot24

This update for dovecot24 fixes the following issues: - Update to v2.4.3 - CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins bsc1260894. - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. -...

8.2CVSS5.8AI score0.0009EPSS

Exploits6References21

Amazon•added 2026/04/13 12:0 a.m.•8 views

Important: dovecot

Issue Overview: Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component. Limit access to the doveadm ht...

7.5CVSS5.9AI score0.00048EPSS

Exploits2

SUSE CVE•added 2026/03/28 12:28 a.m.•2 views

SUSE CVE-2026-27856

Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component. Limit access to the doveadm http service port,...

7.4CVSS5.9AI score0.00029EPSS

Exploits1References5

Tenable Nessus•added 2026/03/28 12:0 a.m.•10 views

Linux Distros Unpatched Vulnerability : CVE-2026-27856

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured...

7.4CVSS5.8AI score0.00029EPSS

Exploits1References3

EUVD•added 2026/03/27 9:31 a.m.•1 views

EUVD-2026-16565

7.4CVSS5.9AI score0.00029EPSS

Exploits1References2

OSV•added 2026/03/27 9:16 a.m.•1 views

ALPINE-CVE-2026-27856

5.9CVSS5.9AI score0.00029EPSS

Exploits1References1

NVD•added 2026/03/27 9:16 a.m.•0 views

CVE-2026-27856

7.4CVSS0.00029EPSS

Exploits1References1

CVE•added 2026/03/27 8:10 a.m.•10 views

CVE-2026-27856

CVE-2026-27856 concerns the doveadm credential verification path, where direct comparison enables a timing oracle to determine configured credentials. The issue affects the doveadm HTTP service component used by Open-Xchange-related deployments, enabling an attacker to infer credentials through t...

7.4CVSS5.9AI score0.00029EPSS

Exploits1References1Affected Software2

Cvelist•added 2026/03/27 8:10 a.m.•24 views

CVE-2026-27856

7.4CVSS0.00029EPSS

Exploits1References1

Debian CVE•added 2026/03/27 8:10 a.m.•1 views

CVE-2026-27856

7.4CVSS5.4AI score0.00029EPSS

Exploits1

AlpineLinux•added 2026/03/27 8:10 a.m.•2 views

CVE-2026-27856

7.4CVSS5.9AI score0.00029EPSS

Exploits1References1

Vulnrichment•added 2026/03/27 8:10 a.m.•1 views

CVE-2026-27856

7.4CVSS5.9AI score0.00029EPSS

Exploits1References1

ATTACKERKB•added 2026/03/27 8:10 a.m.•7 views

CVE-2026-27856

7.4CVSS5.9AI score0.00029EPSS

Exploits1References2

OSV•added 2026/03/27 12:0 a.m.•1 views

UBUNTU-CVE-2026-27856

7.4CVSS5.8AI score0.00029EPSS

Exploits1References3

UbuntuCve•added 2026/03/27 12:0 a.m.•3 views

CVE-2026-27856

7.4CVSS5.9AI score0.00029EPSS

Exploits1References2

Positive Technologies•added 2026/01/01 12:0 a.m.•1 views

PT-2026-28364

Name of the Vulnerable Software and Affected Versions Doveadm affected versions not specified Description Doveadm credentials are verified using direct comparison, which is susceptible to a timing oracle attack. An attacker could potentially determine the configured credentials, leading to full...

7.7CVSS5.9AI score0.0009EPSS

Exploits7References31

Tenable Nessus•added 2025/12/02 12:0 a.m.•4 views

openSUSE 16 Security Update : dovecot24 (openSUSE-SU-2025-20113-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2025-20113-1 advisory. - Update dovecot to 2.4.2: - CVE-2025-30189: Fixed users cached with same cache key when auth cache was enabled bsc1252839 - Changes - auth: Remove...

7.4CVSS5.6AI score0.00012EPSS

Exploits0References3

Tenable Nessus•added 2017/07/17 12:0 a.m.•30 views

Fedora 26 : 1:dovecot (2017-e8b639c286)

quota: Add plugin quotamaxmailsize setting to limit the maximum individual mail size that can be saved. + imapc: Add imapcfeatures=delay-login. If set, connecting to the remote IMAP server isn't done until it's necessary. + imapc: Add imapcconnectionretrycount and imapcconnectionretryinterval...

7.5CVSS6.4AI score0.06874EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by