Lucene search
K

2317 matches found

SUSE CVE
SUSE CVE
added 2026/05/13 3:38 a.m.13 views

SUSE CVE-2026-33603

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...

6.8CVSS5.8AI score0.00222EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/13 3:37 a.m.12 views

SUSE CVE-2026-40020

Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.14 views

MiracleLinux 8 : dovecot-2.3.16-7.el8_10 (AXSA:2026-611:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-611:02 advisory. dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command CVE-2025-59032 dovecot: denial of service via craft...

7.5CVSS5.8AI score0.0079EPSS
Exploits2References4
OSV
OSV
added 2026/05/12 7:39 p.m.9 views

CLSA-2026-1778614755 dovecot: Fix of 2 CVEs

CVE-2026-27858: managesieve: fix DoS via crafted message before authentication that caused excessive memory allocation - CVE-2025-59032: managesieve: fix crash when AUTHENTICATE command does not finish on the first call literal SASL initial response...

7.5CVSS5.8AI score0.0079EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/12 3:31 p.m.12 views

EUVD-2026-29471

Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...

3.1CVSS5.8AI score0.00271EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 3:31 p.m.10 views

EUVD-2026-29468

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...

6.8CVSS5.8AI score0.00222EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 2:17 p.m.27 views

CVE-2026-40020

Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...

4.3CVSS0.00271EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 2:17 p.m.18 views

CVE-2026-33603

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...

6.8CVSS0.00222EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/12 2:17 p.m.14 views

CVE-2026-33603

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...

6.8CVSS5.8AI score0.00222EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 2:17 p.m.4 views

UBUNTU-CVE-2026-33603

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...

6.8CVSS5.8AI score0.00222EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/12 1:28 p.m.31 views

CVE-2026-40020

Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...

3.1CVSS0.00271EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 1:28 p.m.8 views

CVE-2026-40020

Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...

3.1CVSS5.8AI score0.00271EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 1:28 p.m.9 views

CVE-2026-40020

Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...

3.1CVSS5.8AI score0.00271EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/05/12 1:28 p.m.20 views

CVE-2026-40020

Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 1:28 p.m.33 views

CVE-2026-33603

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...

6.8CVSS0.00222EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 1:28 p.m.11 views

CVE-2026-33603

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...

6.8CVSS5.8AI score0.00222EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 1:28 p.m.27 views

CVE-2026-33603

The CVE-2026-33603 affects Dovecot (and client) via a specially crafted base64 exchange to fake SCRAM TLS channel binding. Root cause: attacker positions between Dovecot and client to perform MITM, enabling eavesdropping. Impact: confidentiality and integrity of the conversation can be compromise...

6.8CVSS5.8AI score0.00222EPSS
Exploits0References1Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/05/12 1:28 p.m.6 views

CVE-2026-33603

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...

6.8CVSS5.8AI score0.00222EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/05/12 1:28 p.m.13 views

CVE-2026-33603

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...

6.8CVSS5.8AI score0.00222EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/12 1:28 p.m.7 views

CVE-2026-33603

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...

6.8CVSS5.8AI score0.00222EPSS
Exploits0
Rows per page
Query Builder