SUSE-SU-2026:21208-1 Security update for dovecot24

This update for dovecot24 fixes the following issues: - Update to v2.4.3 - CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins bsc1260894. - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. -...

CVE-2025-59028

When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...

CVE-2025-59028

When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...

CVE-2025-54350

A flaw was found in iperf3. A malformed Base64-encoded authentication string triggers an assertion failure within the iperfauth.c file, leading to application termination. This vulnerability allows a network attacker to induce this failure by sending a crafted authentication attempt, resulting in...

CVE-2022-41545

The administrative web interface of a Netgear C7800 Router running firmware version 6.01.07 and possibly others authenticates users via basic authentication, with an HTTP header containing a base64 value of the plaintext username and password. Because the web server also does not utilize transpor...

PT-2025-54917

Name of the Vulnerable Software and Affected Versions Dovecot versions prior to 2.4.3 Description Sending invalid base64 SASL data can disrupt the login process by disconnecting it from the authentication server, leading to the failure of all active authentication sessions. This can be used to...

CVE-2024-10295

A flaw was found in Gateway. Sending a non-base64 'basic' auth with special characters can cause APICast to incorrectly authenticate a request. A malformed basic authentication header containing special characters bypasses authentication and allows unauthorized access to the backend. This issue c...

IBM Tivoli Endpoint 4.1.1 Buffer Overflow / Hard-Coded Credentials

!/usr/bin/python tiv-sys.py IBM Tivoli Endpoint 4.1.1 Remote SYSTEM Exploit Jeremy Brown 0xjbrown41-gmail-com June 2011 Discovered by: Brian Adeloye of Tenable Network Security This exploit makes use of two vulnerabilities: 1 Base64 authentication credentials hard-coded in lcfd.exe 2 Stack-based...

Apache 2.0.45 - 'APR' Crash

!/usr/bin/perl Apache 2.0.37 - 2.0.45 APR Exploit Written By Matthew Murphy This Perl script will successfully exploit any un-patched Apache 2.x servers. Base64 Encoder If you want authentication with the server via HTTP's lame Basic auth, put the proper string to encode BASE64 content, and use...

Apache 2.0.45 - APR Crash

Apache 2.0.45 - APR Crash !/usr/bin/perl Apache 2.0.37 - 2.0.45 APR Exploit Written By Matthew Murphy This Perl script will successfully exploit any un-patched Apache 2.x servers. Base64 Encoder If you want authentication with the server via HTTP's lame Basic auth, put the proper string to encode...