CVE-2026-27860

If authusernamechars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure. Do not clear out authusernamechars, or install fixed version. No publicly available exploits are...

SUSE-SU-2025:1193-1 Security update for apparmor

This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin bsc1234452...

SUSE SLES15 Security Update : apparmor (SUSE-SU-2025:1135-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1135-1 advisory. This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin...

SUSE-SU-2025:1135-1 Security update for apparmor

This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin bsc1234452...

SUSE-SU-2025:1134-1 Security update for apparmor

This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin bsc1234452...

SUSE SLES12 Security Update : apparmor (SUSE-SU-2025:1101-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2025:1101-1 advisory. This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin bsc1234452...

PT-2025-19699 · Opensuse +1 · Apparmor +1

Name of the Vulnerable Software and Affected Versions: apparmor affected versions not specified Description: This issue allows dovecot-auth to execute the unix check password function from /sbin, not only from /usr/bin. Recommendations: At the moment, there is no information about a newer version...

PT-2025-19700 · Suse · Apparmor +1

This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin bsc1234452...

SUSE-SU-2025:1101-1 Security update for apparmor

This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin bsc1234452...

PT-2025-19698 · Suse · Apparmor

This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin bsc1234452...

SUSE-SU-2025:1063-1 Security update for apparmor

This update for apparmor fixes the following issues: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin bsc1234452...

CVE-2022-30550

An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect usernamefilter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead...

CVE-2016-8652

The CVE-2016-8652 affects the Dovecot auth component when the auth-policy is enabled. The vulnerability allows a remote attacker to cause a denial-of-service (crash) by aborting authentication without a username, with affected versions listed as Dovecot prior to 2.2.27 (OpenVAS references note a ...

CVE-2006-0730

Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service application crash or hang via unspecified vectors involving 1 "potential hangs" in the APPEND command and "potential crashes" in 2 dovecot-auth and 3 imap/pop3-login. NOTE: vector 2...