Lucene search
K

629 matches found

RedHat Linux
RedHat Linux
added 2022/05/10 1:58 p.m.44 views

Moderate: Red Hat Security Advisory: dovecot security update

An update for dovecot is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

5.8CVSS6.8AI score0.02837EPSS
Exploits0References4
OSV
OSV
added 2022/05/10 8:8 a.m.23 views

ALSA-2022:1950 Moderate: dovecot security update

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. The following packages...

5.8CVSS7.2AI score0.02837EPSS
Exploits0References2
OSV
OSV
added 2022/05/10 8:8 a.m.30 views

RLSA-2022:1950 Moderate: dovecot security update

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. The following packages...

4.2CVSS7.3AI score0.02837EPSS
Exploits0References3
Rockylinux
Rockylinux
added 2022/05/10 8:8 a.m.53 views

dovecot security update

An update is available for dovecot. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Dovecot is an IMAP server for Linux and other UNIX-like systems, written...

5.8CVSS7AI score0.02837EPSS
Exploits0
AlmaLinux
AlmaLinux
added 2022/05/10 8:8 a.m.42 views

Moderate: dovecot security update

Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. The following packages...

5.8CVSS7AI score0.02837EPSS
Exploits0References2
Hacker One
Hacker One
added 2022/04/27 4:16 p.m.85 views

Internet Bug Bounty: OAUTH2 bearer not-checked for connection re-use

libcurl might reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protcols: SMTPS, IMAPS, POP3S and LDAPS openldap only. libcurl maintains a pool of connections afte...

5.5CVSS8.1AI score0.01914EPSS
Exploits1
OSV
OSV
added 2022/02/18 6:15 p.m.5 views

CVE-2021-3657

A flaw was found in mbsync versions prior to 1.4.4. Due to inadequate handling of extremely large =2GiB IMAP literals, malicious or compromised IMAP servers, and hypothetically even external email senders, could cause several different buffer overflows, which could conceivably be exploited for...

9.8CVSS9.8AI score
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2022/02/09 12:0 a.m.28 views

AlmaLinux 8 : mutt (ALSA-2021:4181)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:4181 advisory. - Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid...

6.5CVSS6.2AI score0.02796EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.18 views

Mageia: Security Advisory (MGASA-2021-0355)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.8CVSS7.8AI score0.03582EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2022/01/01 12:0 p.m.3 views

GSL (>=0.4.25 <=0.4.26), IMAPServer (=0.0.0) +4478 more potentially affected by unknown CVE via rustc-serialize (>=0.1.5 <=0.3.25)

rustc-serialize CARGO version =0.1.5, =0.4.25, =0.1.0, =0.1.7, =0.2.0-beta.4, =0.0.6, =0.1.0, =0.2.1, =0.1.4, =0.1.1, =0.3.0 - ace-test-lib =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2022-0004...

5.7AI score
Exploits0
Redos
Redos
added 2021/12/24 12:0 a.m.10 views

ROS-2-1640

2.1640 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...

8.8CVSS8.2AI score0.03582EPSS
Exploits1
Redos
Redos
added 2021/12/24 12:0 a.m.16 views

ROS-2-1625

2.1625 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...

8.8CVSS8.9AI score0.03582EPSS
Exploits1
Redos
Redos
added 2021/12/24 12:0 a.m.16 views

ROS-2-1507

2.1507 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...

9.2AI score0.03582EPSS
Exploits1
Redos
Redos
added 2021/12/24 12:0 a.m.19 views

ROS-2-1478

2.1478 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability coul...

8.8CVSS9.8AI score0.03582EPSS
Exploits1
Redos
Redos
added 2021/12/24 12:0 a.m.17 views

ROS-2-862

2.862 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability could...

8.8CVSS9.3AI score0.03582EPSS
Exploits1
Veracode
Veracode
added 2021/12/04 9:33 a.m.25 views

Remote Code Execution (RCE)

isync is vulnerable to remote code execution. A flaw found due to an unchecked condition, allowing attacker to use the compromised IMAP server to send a crafted mail message to provoke a heap overflow and its leads to remote code execution...

9.8CVSS3.3AI score0.03662EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2021/11/22 8:15 p.m.11 views

CVE-2021-44143

A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers i.e., one that starts with an empty line to provoke a heap overflow, which could conceivably be exploited for remote...

9.8CVSS7.3AI score
Exploits0References7
Prion
Prion
added 2021/11/22 8:15 p.m.21 views

Design/Logic Flaw

A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers i.e., one that starts with an empty line to provoke a heap overflow, which could conceivably be exploited for remote...

7.5CVSS9.5AI score0.03662EPSS
Exploits0References7Affected Software3
UbuntuCve
UbuntuCve
added 2021/11/22 8:15 p.m.40 views

CVE-2021-44143

A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message that lacks headers i.e., one that starts with an empty line to provoke a heap overflow, which could conceivably be exploited for remote...

9.8CVSS7.3AI score0.03662EPSS
Exploits0References4
CVE
CVE
added 2021/11/22 7:29 p.m.135 views

CVE-2021-44143

The CVE-2021-44143 issue affects isync (mbsync) in versions prior to 1.4.4 (1.4.0–1.4.3). An unchecked condition in processing a crafted IMAP message lacking headers (starts with an empty line) can provoke a heap overflow, potentially enabling remote code execution on the client. Remediation: upg...

9.8CVSS9.4AI score0.03662EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder