28 matches found
CVE-2021-29157 affecting package dovecot for versions less than 2.3.20-1
CVE-2021-29157 affecting package dovecot for versions less than 2.3.20-1. An upgraded version of the package is available that resolves this issue...
Mageia: Security Advisory (MGASA-2021-0557)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for dovecot23 (openSUSE-SU-2021:1225-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
openSUSE 15 Security Update : dovecot23 (openSUSE-SU-2021:1225-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1225-1 advisory. - The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular...
openSUSE 15 Security Update : dovecot23 (openSUSE-SU-2021:2892-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2892-1 advisory. - The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular...
openSUSE: Security Advisory for dovecot23 (openSUSE-SU-2021:2892-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
SUSE: Security Advisory (SUSE-SU-2021:2892-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15: dovecot23 / dovecot23-backend-mysql / dovecot23-backend-pgsql / etc (SUSE-SU-2021:2891-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2891-1 advisory. Update dovecot to version 2.3.15 jscSLE-19970: Security issues fixed: - CVE-2021-29157: Dovecot does not correctly escape kid and a...
SUSE: Security Advisory (SUSE-SU-2021:2890-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15: dovecot23 / dovecot23-backend-mysql / dovecot23-backend-pgsql / etc (SUSE-SU-2021:2890-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2890-1 advisory. Update dovecot to version 2.3.15 jscSLE-19970: Security issues fixed: - CVE-2021-29157: Dovecot does not correctly escape kid and a...
SUSE: Security Advisory (SUSE-SU-2021:2891-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE SLES15: dovecot23 / dovecot23-backend-mysql / dovecot23-backend-pgsql / etc (SUSE-SU-2021:2892-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2892-1 advisory. Update dovecot to version 2.3.15 jscSLE-19970: Security issues fixed: - CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in...
SUSE-SU-2021:2891-1 Security update for dovecot23
This update for dovecot23 fixes the following issues: Update dovecot to version 2.3.15 jscSLE-19970: Security issues fixed: - CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens, if attacker has...
Security update for dovecot23 (moderate)
openSUSE Security Update: Security update for dovecot23 Announcement ID: openSUSE-SU-2021:2892-1 Rating: moderate References: 1187418 1187419 1187420 SLE-19970 Cross-References: CVE-2020-28200 CVE-2021-29157 CVSS scores: CVE-2020-28200 NVD : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L...
Security fix for the ALT Linux 9 package dovecot version 2.3.16-alt1
2.3.16-alt1 built Aug. 19, 2021 Andrey Cherepanov in task 282506 Aug. 12, 2021 Andrey Cherepanov - Updated to 2.3.16 fixes CVE-2021-33515, CVE-2021-29157, CVE-2021-33515, CVE-2021-29157. - Package watch file...
openSUSE 15 Security Update : dovecot23 (openSUSE-SU-2021:2123-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2123-1 advisory. - Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into usi...
openSUSE: Security Advisory for dovecot23 (openSUSE-SU-2021:2123-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2021-29157
CVE-2021-29157 affects Dovecot before 2.3.15. The issue is a path traversal vulnerability that, when an attacker has local filesystem access, can trick OAuth2 JWT validation into using an HS256 key from an attacker-controlled location during local JWT validation with the posix fs driver. This can...
CVE-2021-29157
Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver...
openSUSE: Security Advisory for dovecot23 (openSUSE-SU-2021:0920-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...