Lucene search
+L

28 matches found

cbl_mariner
cbl_mariner
added 2023/09/28 11:57 a.m.30 views

CVE-2021-29157 affecting package dovecot for versions less than 2.3.20-1

CVE-2021-29157 affecting package dovecot for versions less than 2.3.20-1. An upgraded version of the package is available that resolves this issue...

7.5CVSS5.8AI score0.0047EPSS
Exploits0
openvas
openvas
added 2022/01/28 12:0 a.m.23 views

Mageia: Security Advisory (MGASA-2021-0557)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.5AI score0.02837EPSS
Exploits0References10
openvas
openvas
added 2021/09/05 12:0 a.m.29 views

openSUSE: Security Advisory for dovecot23 (openSUSE-SU-2021:1225-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS6.9AI score0.05215EPSS
Exploits2References2
nessus
nessus
added 2021/09/04 12:0 a.m.29 views

openSUSE 15 Security Update : dovecot23 (openSUSE-SU-2021:1225-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1225-1 advisory. - The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular...

7.5CVSS7AI score0.01968EPSS
Exploits0References8
nessus
nessus
added 2021/09/01 12:0 a.m.27 views

openSUSE 15 Security Update : dovecot23 (openSUSE-SU-2021:2892-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2892-1 advisory. - The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular...

7.5CVSS7AI score0.01968EPSS
Exploits0References8
openvas
openvas
added 2021/09/01 12:0 a.m.23 views

openSUSE: Security Advisory for dovecot23 (openSUSE-SU-2021:2892-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS6.9AI score0.05215EPSS
Exploits2References2
openvas
openvas
added 2021/09/01 12:0 a.m.23 views

SUSE: Security Advisory (SUSE-SU-2021:2892-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS6.4AI score0.05215EPSS
Exploits2References6
nessus
nessus
added 2021/09/01 12:0 a.m.27 views

SUSE SLES15: dovecot23 / dovecot23-backend-mysql / dovecot23-backend-pgsql / etc (SUSE-SU-2021:2891-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2891-1 advisory. Update dovecot to version 2.3.15 jscSLE-19970: Security issues fixed: - CVE-2021-29157: Dovecot does not correctly escape kid and a...

7.5CVSS7.2AI score0.02837EPSS
Exploits0References8
openvas
openvas
added 2021/09/01 12:0 a.m.28 views

SUSE: Security Advisory (SUSE-SU-2021:2890-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.02837EPSS
Exploits0References16
nessus
nessus
added 2021/09/01 12:0 a.m.25 views

SUSE SLES15: dovecot23 / dovecot23-backend-mysql / dovecot23-backend-pgsql / etc (SUSE-SU-2021:2890-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2890-1 advisory. Update dovecot to version 2.3.15 jscSLE-19970: Security issues fixed: - CVE-2021-29157: Dovecot does not correctly escape kid and a...

7.5CVSS7.2AI score0.02837EPSS
Exploits0References8
openvas
openvas
added 2021/09/01 12:0 a.m.28 views

SUSE: Security Advisory (SUSE-SU-2021:2891-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.02837EPSS
Exploits0References16
nessus
nessus
added 2021/09/01 12:0 a.m.32 views

SUSE SLES15: dovecot23 / dovecot23-backend-mysql / dovecot23-backend-pgsql / etc (SUSE-SU-2021:2892-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2892-1 advisory. Update dovecot to version 2.3.15 jscSLE-19970: Security issues fixed: - CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in...

7.5CVSS7.2AI score0.02837EPSS
Exploits0References8
osv
osv
added 2021/08/31 2:37 p.m.5 views

SUSE-SU-2021:2891-1 Security update for dovecot23

This update for dovecot23 fixes the following issues: Update dovecot to version 2.3.15 jscSLE-19970: Security issues fixed: - CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has...

7.5CVSS7.3AI score0.01968EPSS
Exploits0References6
opensuse
opensuse
added 2021/08/31 12:0 a.m.80 views

Security update for dovecot23 (moderate)

openSUSE Security Update: Security update for dovecot23 Announcement ID: openSUSE-SU-2021:2892-1 Rating: moderate References: 1187418 1187419 1187420 SLE-19970 Cross-References: CVE-2020-28200 CVE-2021-29157 CVSS scores: CVE-2020-28200 NVD : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L...

6.7CVSS7AI score0.02837EPSS
Exploits0References4
altlinux
altlinux
added 2021/08/19 12:0 a.m.39 views

Security fix for the ALT Linux 9 package dovecot version 2.3.16-alt1

2.3.16-alt1 built Aug. 19, 2021 Andrey Cherepanov in task 282506 Aug. 12, 2021 Andrey Cherepanov - Updated to 2.3.16 fixes CVE-2021-33515, CVE-2021-29157, CVE-2021-33515, CVE-2021-29157. - Package watch file...

5.8CVSS5.8AI score0.02837EPSS
Exploits0
nessus
nessus
added 2021/07/16 12:0 a.m.33 views

openSUSE 15 Security Update : dovecot23 (openSUSE-SU-2021:2123-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2123-1 advisory. - Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into usi...

7.5CVSS7.2AI score0.02837EPSS
Exploits0References7
openvas
openvas
added 2021/07/13 12:0 a.m.28 views

openSUSE: Security Advisory for dovecot23 (openSUSE-SU-2021:2123-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS6.6AI score0.02837EPSS
Exploits0References2
cve
cve
added 2021/06/28 11:58 a.m.212 views

CVE-2021-29157

CVE-2021-29157 affects Dovecot before 2.3.15. The issue is a path traversal vulnerability that, when an attacker has local filesystem access, can trick OAuth2 JWT validation into using an HS256 key from an attacker-controlled location during local JWT validation with the posix fs driver. This can...

7.5CVSS5.5AI score0.0047EPSS
Exploits0References5Affected Software1
debiancve
debiancve
added 2021/06/28 11:58 a.m.21 views

CVE-2021-29157

Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver...

7.5CVSS6.6AI score0.0047EPSS
Exploits0
openvas
openvas
added 2021/06/26 12:0 a.m.25 views

openSUSE: Security Advisory for dovecot23 (openSUSE-SU-2021:0920-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

7.5CVSS6.6AI score0.02837EPSS
Exploits0References2
Rows per page
Query Builder