CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

23 matches found

RedHat Linux•added 2026/06/17 12:10 p.m.•8 views

dovecot: Doveadm: Full access via timing oracle attack in credential verification

A flaw was found in Doveadm, a component of Dovecot. An attacker can exploit a timing oracle vulnerability during the direct comparison of credentials. This allows the attacker to determine the configured credentials, potentially leading to full unauthorized access to the affected component...

7.4CVSS5.4AI score0.00294EPSS

Exploits1References5

OSV•added 2026/04/28 11:53 a.m.•10 views

SUSE-SU-2026:1641-1 Security update for dovecot22

This update for dovecot22 fixes the following issues: - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. - CVE-2025-59032: pigeonhole: ManageSieve panic occurs with sieve-connect as a client bsc1260902. - CVE-2026-27855: OTP...

7.5CVSS5.4AI score0.00456EPSS

Exploits5References15

Packet Storm•added 2026/04/22 12:0 a.m.•83 views

📄 Dovecot doveadm Timing Attack / Credential Extraction

This Metasploit auxiliary module performs a timing-based side-channel attack against the Dovecot doveadm HTTP interface to extract credentials character by character. ==================================================================================================================================...

7.4CVSS5.8AI score0.00294EPSS

Exploits1

OSV•added 2026/04/16 1:15 p.m.•5 views

SUSE-SU-2026:21208-1 Security update for dovecot24

This update for dovecot24 fixes the following issues: - Update to v2.4.3 - CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins bsc1260894. - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. -...

8.2CVSS5.8AI score0.00456EPSS

Exploits6References21

Amazon•added 2026/04/13 12:0 a.m.•9 views

Important: dovecot

Issue Overview: Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component. Limit access to the doveadm ht...

7.5CVSS5.9AI score0.00456EPSS

Exploits2

SUSE CVE•added 2026/03/28 12:28 a.m.•4 views

SUSE CVE-2026-27856

Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component. Limit access to the doveadm http service port,...

7.4CVSS5.9AI score0.00294EPSS

Exploits1References5

Tenable Nessus•added 2026/03/28 12:0 a.m.•14 views

Linux Distros Unpatched Vulnerability : CVE-2026-27856

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured...

7.4CVSS5.5AI score0.00294EPSS

Exploits1References3

EUVD•added 2026/03/27 9:31 a.m.•4 views

EUVD-2026-16565

7.4CVSS5.9AI score0.00294EPSS

Exploits1References2

NVD•added 2026/03/27 9:16 a.m.•2 views

CVE-2026-27856

7.4CVSS0.00294EPSS

Exploits1References1

OSV•added 2026/03/27 9:16 a.m.•2 views

ALPINE-CVE-2026-27856

5.9CVSS5.9AI score0.00294EPSS

Exploits1References1

CVE•added 2026/03/27 8:10 a.m.•24 views

CVE-2026-27856

CVE-2026-27856 concerns the doveadm credential verification path, where direct comparison enables a timing oracle to determine configured credentials. The issue affects the doveadm HTTP service component used by Open-Xchange-related deployments, enabling an attacker to infer credentials through t...

7.4CVSS5.9AI score0.00294EPSS

Exploits1References1Affected Software2

Cvelist•added 2026/03/27 8:10 a.m.•27 views

CVE-2026-27856

7.4CVSS0.00294EPSS

Exploits1References1

ATTACKERKB•added 2026/03/27 8:10 a.m.•8 views

CVE-2026-27856

7.4CVSS5.9AI score0.00294EPSS

Exploits1References2

Vulnrichment•added 2026/03/27 8:10 a.m.•1 views

CVE-2026-27856

7.4CVSS5.9AI score0.00294EPSS

Exploits1References1

Debian CVE•added 2026/03/27 8:10 a.m.•1 views

CVE-2026-27856

7.4CVSS5.4AI score0.00294EPSS

Exploits1

AlpineLinux•added 2026/03/27 8:10 a.m.•3 views

CVE-2026-27856

7.4CVSS5.9AI score0.00294EPSS

Exploits1References1

UbuntuCve•added 2026/03/27 12:0 a.m.•4 views

CVE-2026-27856

7.4CVSS5.9AI score0.00294EPSS

Exploits1References2

OSV•added 2026/03/27 12:0 a.m.•4 views

UBUNTU-CVE-2026-27856

7.4CVSS5.8AI score0.00294EPSS

Exploits1References3

Positive Technologies•added 2026/01/01 12:0 a.m.•3 views

PT-2026-28364

Name of the Vulnerable Software and Affected Versions Doveadm affected versions not specified Description Doveadm credentials are verified using direct comparison, which is susceptible to a timing oracle attack. An attacker could potentially determine the configured credentials, leading to full...

7.7CVSS5.9AI score0.00456EPSS

Exploits7References31

Tenable Nessus•added 2025/12/02 12:0 a.m.•4 views

openSUSE 16 Security Update : dovecot24 (openSUSE-SU-2025-20113-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2025-20113-1 advisory. - Update dovecot to 2.4.2: - CVE-2025-30189: Fixed users cached with same cache key when auth cache was enabled bsc1252839 - Changes - auth: Remove...

7.4CVSS5.6AI score0.00568EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by