RockyLinux 9 : dovecot (RLSA-2026:19364)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19364 advisory. dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command CVE-2025-59032 dovecot: denial of service via crafted...

Astra Linux - уязвимость в dovecot

A issue was discovered in the auth component of Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect usernamefilter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead ...

CVE-2026-33603

The CVE-2026-33603 affects Dovecot (and client) via a specially crafted base64 exchange to fake SCRAM TLS channel binding. Root cause: attacker positions between Dovecot and client to perform MITM, enabling eavesdropping. Impact: confidentiality and integrity of the conversation can be compromise...

CVE-2026-33603

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop communications between Dovecot and...

dovecot security update

An update is available for dovecot. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Dovecot is an IMAP server for Linux and other UNIX-like systems, written...

RockyLinux 9 : dovecot (RLSA-2026:13857)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:13857 advisory. dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command CVE-2025-59032 dovecot: denial of service via crafted...

Oracle Linux 8 : dovecot (ELSA-2026-13830)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-13830 advisory. - fix CVE-2026-27858: denial of service via crafted message before authentication RHEL-161630 - fix CVE-2025-59032: ManageSieve: Denial of Service via...

AlmaLinux 8 : dovecot (ALSA-2026:13830)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:13830 advisory. dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command CVE-2025-59032 dovecot: denial of service via crafted...

Amazon Linux 2 : dovecot, --advisory ALAS2-2026-3252 (ALAS-2026-3252)

The version of dovecot installed on the remote host is prior to 2.2.36-6. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3252 advisory. Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can us...

Linux Distros Unpatched Vulnerability : CVE-2026-24031

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dovecot SQL based authentication can be bypassed when authusernamechars is cleared by admin. This vulnerability allows bypassing authentication for any user and...

UBUNTU-CVE-2026-24031

Dovecot SQL based authentication can be bypassed when authusernamechars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear authusernamechars. If this is not possible, install latest fixed version. No publicly available exploits...

MiracleLinux 7 : dovecot-2.2.36-6.el7 (AXSA:2020-4708:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-4708:01 advisory. dovecot: Improper certificate validation CVE-2019-3814 dovecot: Buffer overflow in indexer-worker process results in privilege escalation...

MiracleLinux 9 : dovecot-2.3.16-7.el9 (AXSA:2023-4711:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-4711:01 advisory. dovecot: Privilege escalation when similar master and non-master passdbs are used CVE-2022-30550 Tenable has extracted the preceding description block direct...

MiracleLinux 8 : dovecot-2.3.8-4.el8 (AXSA:2021-1195:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1195:01 advisory. dovecot: command followed by sufficient number of newlines leads to use-after-free CVE-2020-10958 dovecot: sending mail with empty quoted localpart...

MiracleLinux 8 : dovecot-2.3.8-9.el8 (AXSA:2021-2023:02)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2023:02 advisory. dovecot: IMAP hibernation function allows mail access CVE-2020-24386 dovecot: Denial of service via mail MIME parsing CVE-2020-25275 Tenable has...

MiracleLinux 8 : dovecot-2.3.16-6.el8_10 (AXSA:2024-8878:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8878:05 advisory. dovecot: using a large number of address headers may trigger a denial of service CVE-2024-23184 dovecot: very large headers can cause resource...

MiracleLinux 8 : dovecot-2.3.8-2.el8.2 (AXSA:2020-546:03)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-546:03 advisory. dovecot: Resource exhaustion via deeply nested MIME parts CVE-2020-12100 dovecot: Out of bound reads in dovecot NTLM implementation CVE-2020-12673...

MiracleLinux 4 : dovecot-2.0.9-5.AXS4 (AXSA:2013-272:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-272:01 advisory. Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mai...

MiracleLinux 7 : dovecot-2.2.36-3.el7.1 (AXSA:2019-4341:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4341:02 advisory. dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes CVE-2019-11500 Tenable has extracted the precedin...

MiracleLinux 4 : dovecot-2.0.9-22.AXS4.1 (AXSA:2019-4315:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4315:01 advisory. dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes CVE-2019-11500 Tenable has extracted the precedin...