Lucene search
+L

7 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.10 views

SUSE SLES16: dovecot24 / dovecot24-backend-mysql / dovecot24-backend-pgsql / etc (SUSE-SU-2026:22185-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22185-1 advisory. This update for dovecot24 fixes the following issues - CVE-2026-27851: lib-var-expand: safe filter leaks to all following pipeline...

9.1CVSS5.8AI score0.00454EPSS
Exploits0References16
OSV
OSV
added 2026/06/19 5:8 p.m.3 views

OPENSUSE-SU-2026:21109-1 Security update for dovecot24

This update for dovecot24 fixes the following issues - CVE-2026-27851: lib-var-expand: safe filter leaks to all following pipelines bsc1265146. - CVE-2026-33603: login: base64 input can contain tabs that bypass IPC protection bsc1265147. - CVE-2026-40016: Sieve: contains/: matches ONxM substring...

9.1CVSS5.8AI score0.00454EPSS
Exploits0References10
Debian
Debian
added 2026/06/05 12:28 p.m.15 views

[SECURITY] [DLA 4617-1] dovecot security update

Debian LTS Advisory DLA-4617-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin June 05, 2026 https://wiki.debian.org/LTS Package : dovecot Version : 1:2.3.13+dfsg1-2+deb11u4 CVE ID : CVE-2026-33603 CVE-2026-40020 CVE-2026-42006 Debian Bug : 1136444 Multiple...

7.5CVSS5.6AI score0.00667EPSS
Exploits1
OSV
OSV
added 2026/05/12 2:17 p.m.9 views

DEBIAN-CVE-2026-40020

Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 1:28 p.m.8 views

CVE-2026-40020

Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...

3.1CVSS5.8AI score0.00271EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 1:28 p.m.2 views

CVE-2026-40020

Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...

3.1CVSS5.9AI score0.00271EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/05/12 1:28 p.m.22 views

CVE-2026-40020

Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References1
Rows per page
Query Builder