USN-8136-1 dovecot vulnerabilities

It was discovered that Dovecot incorrectly handled invalid base64 SASL data. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10. CVE-2025-59028 It was discovered that Dovecot script decode2text.sh incorrectly handled zip files. An attacke...

CVE-2026-24031

Dovecot SQL based authentication can be bypassed when authusernamechars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear authusernamechars. If this is not possible, install latest fixed version. No publicly available exploits...

PT-2026-28336

Name of the Vulnerable Software and Affected Versions Dovecot affected versions not specified Description Dovecot’s SQL-based authentication mechanism can be bypassed when the auth username chars setting is cleared by an administrator. This allows an attacker to bypass authentication for any user...

CVAD II Unable to connect to Database from DDC and getting an error "reenter controller address"

Re-enter controller address on DDC error on sql : SSPI Handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed You will be able to find the authentication failures/logon...

Azure SQL Database Security: 9 Features You Should Know

Databases are where organizations hold their “crown jewels” – their data. If you’re running or looking to run SQL on Azure, Azure provides security for the physical, logical, and data layers of services. Basic Azure SQL database security can be enabled using a variety of native security features...

Description of the security update for SharePoint Server 2019: May 11, 2021 (KB5001916)

Description of the security update for SharePoint Server 2019: May 11, 2021 KB5001916 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and a Microsoft SharePoint spoofing vulnerability and information disclosure vulnerability. To learn more...

UBUNTU-CVE-2019-20917

An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0. The mysql module contains a NULL pointer dereference when built against mariadb-connector-c 3.0.5 or newer. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd...

UBUNTU-CVE-2020-25269

An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server...

How to Deploy Veeam Configuration Database in SQL AlwaysOn Availability Group

Multi-subnet SQL AlwaysOn clusters are not supported for hosting the Veeam Backup & Replication or Veeam Backup Enterprise Manager configuration databases. Purpose This article provides information on using a SQL AlwaysOn Availability Group to host the Veeam Backup & Replication and/or Veeam Back...

[SECURITY] Fedora 19 Update: dovecot-2.2.13-1.fc19

Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages...

Cannot open database requested by login. The login failed

Challenge When you try to access Veeam ONE Web UI, the following error occurs: Cannot open database requested by login. The login failed. Cause Veeam ONE Web UI configuration is missing information on the account used for SQL authentication. Solution To modify configuration settings, follow the...

Postgres Plus SQL authentication bypass

Unauthorized access to DBA Management Server TCP/9000, TCP/9363...

CVE-2005-1824

The sqlescapestring function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "" backslash character, which is used as an escape character and makes the module vulnerable to SQL injection attacks...

CVE-2005-1824

The sqlescapestring function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "" backslash character, which is used as an escape character and makes the module vulnerable to SQL injection attacks...

CVE-2005-1824

The sqlescapestring function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "" backslash character, which is used as an escape character and makes the module vulnerable to SQL injection attacks...

CVE-2002-1872

Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption XOR, which allows remote attackers to sniff and decrypt the password...

PT-2002-2594 · Microsoft · Sql Server

Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server versions 6.0 through 2000 Description: The issue allows remote attackers to sniff and decrypt passwords due to the use of weak password encryption XOR when SQL Authentication is enabled. Recommendations: For Microsoft SQL...