139 matches found
AZL-44988 CVE-2016-4983 affecting package dovecot 2.3.20-1
A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files...
USN-4110-2 dovecot vulnerability
USN-4110-1 fixed a vulnerability in Dovecot. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to caus...
USN-4110-1 dovecot vulnerability
Nick Roessler and Rafi Rubin discovered that Dovecot incorrectly handled certain data. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code...
USN-3951-1: Dovecot vulnerability
It was discovered that the Dovecot JSON encoder incorrectly handled certain invalid UTF-8 characters. A remote attacker could possibly use this issue to cause Dovecot to repeatedly crash, resulting in a denial of service...
USN-3928-1 dovecot vulnerability
It was discovered that Dovecot incorrectly handled reading certain headers from the index. A local attacker could possibly use this issue to escalate privileges...
CVE-2017-14461
A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted email message to the...
PT-2018-3408 · Dovecot +3
Name of the Vulnerable Software and Affected Versions: dovecot versions prior to 2.2.34. Description: A denial of service flaw was found in the TLS SNI configuration lookups of the Dovecot mail server. An attacker able to generate random SNI server names could exploit this issue, leading to...
PT-2018-3407 · Dovecot +3
Name of the Vulnerable Software and Affected Versions: Dovecot, affected versions not specified. Description: The issue is related to an out of bounds read that can be triggered by a specially crafted email message delivered over SMTP and passed on to Dovecot by MTA. This can result in potential...
PT-2018-3409 · Dovecot +3
Name of the Vulnerable Software and Affected Versions: dovecot versions 2.0 through 2.2.33; dovecot version 2.3.0. Description: A flaw in the SASL authentication process can cause a memory leak in dovecot's auth client, which is used by login processes. This issue can have significant impact in...
CVE-2015-3420
The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allows remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures...
Ubuntu 16.04 LTS : Dovecot vulnerability (USN-3258-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3258-1 advisory. It was discovered that Dovecot incorrectly handled some usernames. An attacker could possibly use this issue to cause Dovecot to hang or crash, resulting in a...
USN-3258-1 dovecot vulnerability
It was discovered that Dovecot incorrectly handled some usernames. An attacker could possibly use this issue to cause Dovecot to hang or crash, resulting in a denial of service...
UBUNTU-CVE-2017-2669
Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through varexpand to perform %variable expansion. Sending specially crafted %variable fields could result in...
Dovecot Local Information Disclosure Vulnerability
Dovecot is an open source IMAP and POP3 mail server for Linux/UNIX-like systems. A security vulnerability exists in Dovecot that allows remote attackers to submit special requests to obtain sensitive information...
MGASA-2014-0223 Updated dovecot packages fix security vulnerability
Updated dovecot packages fix security vulnerability. Dovecot before 2.2.13 is vulnerable to a DoS attack against imap/pop3-login processes. If SSL/TLS handshake was started but wasn't finished, the login process attempted to eventually forcibly disconnect the client, but failed to do it correctly...
DEBIAN-CVE-2014-3430
Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection...
CVE-2013-6171
checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the...
Ubuntu 11.10 : dovecot vulnerability (USN-1295-1)
It was discovered that Dovecot incorrectly validated certificate hostnames when being used as a POP3 and IMAP proxy. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information. Note that Tenable Network Security has extracted t...
dovecot: potential crash when parsing header names that contain NUL characters
lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message...
CVE-2011-1929
lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message...