TencentOS Server 3: dovecot (TSSA-2026:0376)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0376 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVE-2026-40016

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

Important: dovecot

Issue Overview: Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component. Limit access to the doveadm ht...

Linux Distros Unpatched Vulnerability : CVE-2025-59032

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it...

UBUNTU-CVE-2026-27858

Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacker can force managesieve-login to be unavailable by repeatedly crashing the process. Protect access to managesieve protocol, or install fixed version. No public...

CVE-2008-5301

Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." dot dot in a script name...