Lucene search
K

83 matches found

Prion
Prion
added 2020/05/18 2:15 p.m.15 views

Null pointer dereference

In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp...

5CVSS7.4AI score0.07167EPSS
Exploits3References10Affected Software1
Prion
Prion
added 2020/05/18 2:15 p.m.18 views

Command injection

In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command...

5CVSS5.3AI score0.06122EPSS
Exploits3References10Affected Software1
AlpineLinux
AlpineLinux
added 2020/05/18 2:2 p.m.34 views

CVE-2020-10967

In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart...

5.3CVSS6.5AI score0.08153EPSS
Exploits3
Cvelist
Cvelist
added 2020/05/18 2:0 p.m.18 views

CVE-2020-10958

In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command...

5.3CVSS6.1AI score0.06122EPSS
Exploits3References10
CVE
CVE
added 2020/05/18 2:0 p.m.250 views

CVE-2020-10958

Dovecot before 2.3.10.1 is affected by CVE-2020-10958 (use-after-free in submission-login/submission/lmtp). A crafted SMTP/LMTP message with many newlines after a command can trigger an unauthenticated crash, potentially leading to denial of service. Multiple connected advisories (Arch, Debian, F...

5.3CVSS6AI score0.06122EPSS
Exploits3References10Affected Software1
AlpineLinux
AlpineLinux
added 2020/05/18 2:0 p.m.35 views

CVE-2020-10958

In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command...

5.3CVSS6.3AI score0.06122EPSS
Exploits3
Debian CVE
Debian CVE
added 2020/05/18 2:0 p.m.32 views

CVE-2020-10958

In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command...

5.3CVSS6.5AI score0.06122EPSS
Exploits3
UbuntuCve
UbuntuCve
added 2020/05/18 12:0 p.m.22 views

CVE-2020-10958

In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command...

5.3CVSS6.8AI score0.06122EPSS
Exploits3References2
OSV
OSV
added 2020/05/18 12:0 p.m.3 views

UBUNTU-CVE-2020-10958

In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command...

5.3CVSS7.2AI score0.06122EPSS
Exploits3References3
OSV
OSV
added 2020/05/18 12:0 p.m.3 views

UBUNTU-CVE-2020-10957

In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp...

7.5CVSS7.2AI score0.07167EPSS
Exploits3References3
OSV
OSV
added 2020/05/18 12:0 p.m.4 views

UBUNTU-CVE-2020-10967

In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart...

5.3CVSS6.8AI score0.08153EPSS
Exploits3References3
UbuntuCve
UbuntuCve
added 2020/05/18 12:0 p.m.31 views

CVE-2020-10967

In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart...

5.3CVSS6.8AI score0.08153EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2020/05/18 12:0 a.m.1 views

PT-2020-12455 · Dovecot +7 · Dovecot +7

Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 2.3.10.1 Description: The issue allows remote unauthenticated attackers to crash the lmtp or submission process by sending mail with an empty localpart. Recommendations: For versions prior to 2.3.10.1, update to...

9.8CVSS6.4AI score0.62579EPSS
Exploits14References91
Positive Technologies
Positive Technologies
added 2020/05/18 12:0 a.m.1 views

PT-2020-12448 · Dovecot +6 · Dovecot +6

Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 2.3.10.1 Description: The issue arises from sending malformed parameters to a NOOP command, which causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp. This can be triggered without...

9.8CVSS6.4AI score0.62579EPSS
Exploits14References86
0day.today
0day.today
added 2020/05/18 12:0 a.m.66 views

Open-Xchange Dovecot 2.3.10 Null Pointer Dereference / Denial Of Service Vulnerabilities

------------------ Open-Xchange Security Advisory 2020-05-18 Product: Dovecot Vendor: OX Software GmbH Internal reference: DOV-3784 Vulnerability type: NULL pointer dereference CWE-476 Vulnerable version: 2.3.0 - 2.3.10 Vulnerable component: submission, lmtp Report confidence: Confirmed Solution...

7.5CVSS0.5AI score0.08153EPSS
Exploits5
FreeBSD
FreeBSD
added 2020/04/23 12:0 a.m.40 views

mail/dovecot -- multiple vulnerabilities

Aki Tuomi reports: Parsing mails with a large number of MIME parts could have resulted in excessive CPU usage or a crash due to running out of stack memory.. Dovecot's NTLM implementation does not correctly check message buffer size, which leads to reading past allocation which can lead to crash...

7.5CVSS1.2AI score0.08153EPSS
Exploits6References1
Veracode
Veracode
added 2020/04/10 1:3 a.m.29 views

Man-in-the-Middle (MitM)

cyrus-imapd is vulnerable to man-in-the-middle MitM. The vulnerability exists as it was discovered that cyrus-imapd did not flush the received commands buffer after switching to TLS encryption for IMAP, LMTP, NNTP, and POP3 sessions. A man-in-the-middle attacker could use this flaw to inject...

5.1CVSS2.4AI score0.03999EPSS
Exploits0References22Affected Software1
FreeBSD
FreeBSD
added 2020/04/02 12:0 a.m.34 views

Dovecot -- Multiple vulnerabilities

Aki Tuomi reports: Vulnerability Details: Sending malformed NOOP command causes crash in submission, submission-login or lmtp service. Risk: Remote attacker can keep submission-login service down, causing denial of service attack. For lmtp the risk is neglible, as lmtp is usually behind a trusted...

6.8AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2020/02/17 5:44 a.m.27 views

CVE-2020-7957

The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing character exists. This causes a denial of service in which the recipient cannot read all of their messages...

5.3CVSS3.2AI score0.01877EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2020/02/13 12:0 a.m.53 views

Dovecot 2.3.9 < 2.3.9.3 Multiple Vulnerabilities

Dovecot is prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5AI score
Exploits0References2
Rows per page
Query Builder