Lucene search
+L

83 matches found

osv
osv
added 2020/02/12 5:15 p.m.22 views

CVE-2020-7046

lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop...

7.5CVSS6.9AI score
Exploits0References5
nvd
nvd
added 2020/02/12 5:15 p.m.25 views

CVE-2020-7957

The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing character exists. This causes a denial of service in which the recipient cannot read all of their messages...

5.3CVSS4.7AI score0.01877EPSS
Exploits1References5
osv
osv
added 2020/02/12 5:15 p.m.30 views

CVE-2020-7957

The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing character exists. This causes a denial of service in which the recipient cannot read all of their messages...

5.3CVSS6.5AI score
Exploits0References5
prion
prion
added 2020/02/12 5:15 p.m.23 views

Design/Logic Flaw

The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing character exists. This causes a denial of service in which the recipient cannot read all of their messages...

5CVSS4.1AI score0.01877EPSS
Exploits1References5Affected Software2
cve
cve
added 2020/02/12 4:50 p.m.111 views

CVE-2020-7957

CVE-2020-7957 affects the Dovecot IMAP and LMTP components. In versions 2.3.9 through before 2.3.9.3, snippet generation can mishandle when many characters must be read to compute a snippet and a trailing > exists, leading to a denial of service where the recipient cannot read all messages. Th...

5.3CVSS5.5AI score0.01877EPSS
Exploits1References5Affected Software1
cvelist
cvelist
added 2020/02/12 4:50 p.m.27 views

CVE-2020-7957

The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing character exists. This causes a denial of service in which the recipient cannot read all of their messages...

3.1CVSS6AI score0.01877EPSS
Exploits1References5
debiancve
debiancve
added 2020/02/12 4:50 p.m.31 views

CVE-2020-7957

The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing character exists. This causes a denial of service in which the recipient cannot read all of their messages...

5.3CVSS5.5AI score0.01877EPSS
Exploits1
alpinelinux
alpinelinux
added 2020/02/12 4:50 p.m.39 views

CVE-2020-7957

The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing character exists. This causes a denial of service in which the recipient cannot read all of their messages...

5.3CVSS5.4AI score0.01877EPSS
Exploits1
cvelist
cvelist
added 2020/02/12 4:40 p.m.31 views

CVE-2020-7046

lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop...

7.5CVSS7.5AI score0.51264EPSS
Exploits0References5
debiancve
debiancve
added 2020/02/12 4:40 p.m.36 views

CVE-2020-7046

lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop...

7.8CVSS7.8AI score0.51264EPSS
Exploits0
cve
cve
added 2020/02/12 4:40 p.m.123 views

CVE-2020-7046

CVE-2020-7046 affects Dovecot components lib-smtp (submission-login) and lmtp in 2.3.9 prior to 2.3.9.3, where truncated UTF-8 data in command parameters can be triggered unauthenticated, causing a submission-login infinite loop (DoS). Public references in multiple advisories confirm the vulnerab...

7.8CVSS7.5AI score0.51264EPSS
Exploits0References5Affected Software1
ubuntucve
ubuntucve
added 2020/02/12 12:0 p.m.24 views

CVE-2020-7957

The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing character exists. This causes a denial of service in which the recipient cannot read all of their messages...

5.3CVSS6.8AI score0.01877EPSS
Exploits1References1
ubuntucve
ubuntucve
added 2020/02/12 12:0 p.m.33 views

CVE-2020-7046

lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop...

7.8CVSS7.1AI score0.51264EPSS
Exploits0References1
nessus
nessus
added 2020/01/30 12:0 a.m.79 views

FreeBSD : OpenSMTPd -- critical LPE / RCE vulnerability (08f5c27d-4326-11ea-af8b-00155d0a0200)

OpenSMTPD developers report : An incorrect check allows an attacker to trick mbox delivery into executing arbitrary commands as root and lmtp delivery into executing arbitrary commands as an unprivileged user %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...

10CVSS8.8AI score0.98946EPSS
Exploits27References3
freebsd
freebsd
added 2020/01/14 12:0 a.m.32 views

dovecot -- multiple vulnerabilities

Aki Tuomi reports: lib-smtp doesn't handle truncated command parameters properly, resulting in infinite loop taking 100% CPU for the process. This happens for LMTP where it doesn't matter so much and also for submission-login where unauthenticated users can trigger it. Aki also reports: Snippet...

6.8AI score
Exploits0References2
nessus
nessus
added 2019/02/26 12:0 a.m.30 views

openSUSE Security Update : dovecot23 (openSUSE-2019-243)

This update for dovecot23 fixes the following issues : dovecot was updated to 2.3.3 release, bringing lots of bugfixes bsc1124356. Also the following security issue was fixed : - CVE-2019-3814: A vulnerability in Dovecot related to SSL client certificate authentication was fixed bsc1123022 The...

7.7CVSS6.9AI score0.02462EPSS
Exploits1References4
openvas
openvas
added 2011/08/18 12:0 a.m.22 views

CentOS Update for cyrus-imapd CESA-2011:0859 centos4 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5.1CVSS5.2AI score0.03999EPSS
Exploits0References2
openvas
openvas
added 2011/08/03 12:0 a.m.31 views

Debian: Security Advisory (DSA-2258-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.1CVSS6.4AI score0.03999EPSS
Exploits0References3
oraclelinux
oraclelinux
added 2011/05/28 12:0 a.m.38 views

dovecot security and enhancement update

2.0.9-2 - fix issues and assert crashes found in 2.0.9 lmtp,dotlock,zlib 2.0.9-1 - dovecot updated to 2.0.9 - fixed a high system CPU usage / high context switch count performance problem - lda: Fixed a crash when trying to send 'out of quota' reply 2.0.8-1 - dovecot updated to 2.0.8 fixes 654226...

5.5CVSS0.1AI score0.02667EPSS
Exploits0
gentoo
gentoo
added 2007/01/22 12:0 a.m.37 views

Fetchmail: Denial of Service and password disclosure

Background Fetchmail is a remote mail retrieval and forwarding utility. Description Neil Hoggarth has discovered that when delivering messages to a message delivery agent by means of the "mda" option, Fetchmail passes a NULL pointer to the ferror and fflush functions when refusing a message. Isaa...

7.8CVSS6.5AI score0.04255EPSS
Exploits0
Rows per page
Query Builder