Lucene search
K

2315 matches found

Tenable Nessus
Tenable Nessus
added 5 days ago5 views

SUSE SLES12: dovecot22 / dovecot22-backend-mysql / dovecot22-backend-pgsql / etc (SUSE-SU-2026:2645-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2645-1 advisory. This update for dovecot22 fixes the following issues - CVE-2026-33603: login: base64 input can contain tabs that bypass IPC protection...

7.5CVSS5.8AI score0.00454EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 6 days ago9 views

SUSE SLES16: dovecot24 / dovecot24-backend-mysql / dovecot24-backend-pgsql / etc (SUSE-SU-2026:22185-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22185-1 advisory. This update for dovecot24 fixes the following issues - CVE-2026-27851: lib-var-expand: safe filter leaks to all following pipeline...

9.1CVSS5.8AI score0.00454EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.2 views

Oracle Linux 9 : dovecot (ELSA-2026-19364)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19364 advisory. - fix CVE-2026-27858: denial of service via crafted message before authentication RHEL-161640 - fix CVE-2025-59032: ManageSieve: Denial of Service via...

7.5CVSS5.9AI score0.0079EPSS
Exploits2References4
OSV
OSV
added 2026/06/19 5:4 p.m.2 views

SUSE-SU-2026:22185-1 Security update for dovecot24

This update for dovecot24 fixes the following issues - CVE-2026-27851: lib-var-expand: safe filter leaks to all following pipelines bsc1265146. - CVE-2026-33603: login: base64 input can contain tabs that bypass IPC protection bsc1265147. - CVE-2026-40016: Sieve: contains/: matches ONxM substring...

9.1CVSS5.8AI score0.00454EPSS
Exploits0References11
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in dovecot

The submission service in Dovecot before 2.3.15 allowed for STARTTLS command injection in the lib-smtp library. Sensitive information could be redirected to an address controlled by the attacker...

5.8CVSS6.8AI score0.02837EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.10 views

Astra Linux – Vulnerability in Dovecot

A issue was discovered in the auth component of Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect usernamefilter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead ...

8.8CVSS6.9AI score0.01748EPSS
Exploits1References2
OSV
OSV
added 2026/06/18 10:9 a.m.5 views

RHSA-2026:26564 Red Hat Security Advisory: dovecot security update

Bulletin has no description...

7.5CVSS5AI score0.0079EPSS
Exploits3References20
RedHat Linux
RedHat Linux
added 2026/06/17 12:10 p.m.5 views

dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command

A flaw was found in ManageSieve. A remote attacker can exploit this vulnerability by sending a crafted SASL Simple Authentication and Security Layer initial response during the AUTHENTICATE command. This can cause the ManageSieve service to crash repeatedly, leading to a Denial of Service DoS for...

7.5CVSS5.5AI score0.00703EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/17 12:10 p.m.7 views

dovecot: denial of service via crafted message before authentication

A flaw was found in dovecot. An unauthenticated and remote attacker can send a crafted message that causes managesieve to allocate an excessive amount of memory, forcing managesieve-login to be unavailable by repeatedly crashing the process, resulting in a denial of service...

7.5CVSS5.4AI score0.0079EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/17 12:10 p.m.9 views

dovecot: Doveadm: Full access via timing oracle attack in credential verification

A flaw was found in Doveadm, a component of Dovecot. An attacker can exploit a timing oracle vulnerability during the direct comparison of credentials. This allows the attacker to determine the configured credentials, potentially leading to full unauthorized access to the affected component...

7.4CVSS5.4AI score0.00392EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/17 12:10 p.m.6 views

dovecot: denial of service via specially crafted NOOP command

A flaw was found in dovecot. An unauthenticated and remote attacker can send a specially crafted "NOOP" command containing numerous open and close parentheses without a command-ending line feed, causing the server to allocate an excessive amount of memory, resulting in a denial of service...

7.5CVSS5.5AI score0.00667EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/17 12:10 p.m.9 views

Important: Red Hat Security Advisory: dovecot security update

An update for dovecot is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

7.5CVSS5.8AI score0.0079EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.8 views

RHEL 7 : dovecot (RHSA-2026:26564)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26564 advisory. Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3...

7.5CVSS5.6AI score0.0079EPSS
Exploits3References10
Tenable Nessus
Tenable Nessus
added 2026/06/15 12:0 a.m.6 views

Debian dla-4556 : dovecot-auth-lua - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4556 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4556-1 [email protected]...

7.5CVSS5.5AI score0.0079EPSS
Exploits6References18
Debian
Debian
added 2026/06/05 12:28 p.m.10 views

[SECURITY] [DLA 4617-1] dovecot security update

Debian LTS Advisory DLA-4617-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin June 05, 2026 https://wiki.debian.org/LTS Package : dovecot Version : 1:2.3.13+dfsg1-2+deb11u4 CVE ID : CVE-2026-33603 CVE-2026-40020 CVE-2026-42006 Debian Bug : 1136444 Multiple...

7.5CVSS5.6AI score0.00667EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.15 views

Debian dla-4617 : dovecot-auth-lua - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4617 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4617-1 [email protected]...

7.5CVSS5.7AI score0.00667EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.12 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Dovecot vulnerabilities (USN-8365-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8365-1 advisory. It was discovered that Dovecot incorrectly treated some variable expansion pipelines as safe in authentication filters. A...

9.1CVSS5.8AI score0.00454EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.8 views

RockyLinux 10 : dovecot (RLSA-2026:19149)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19149 advisory. dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command CVE-2025-59032 dovecot: denial of service via crafted...

7.5CVSS5.8AI score0.0079EPSS
Exploits2References7
OSV
OSV
added 2026/06/02 12:42 p.m.9 views

USN-8365-1 dovecot vulnerabilities

It was discovered that Dovecot incorrectly treated some variable expansion pipelines as safe in authentication filters. An attacker could possibly use this issue to perform SQL or LDAP injection attacks. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. CVE-2026-27851 It was discovered...

9.1CVSS5.9AI score0.00454EPSS
Exploits0References6
Fedora
Fedora
added 2026/06/02 1:11 a.m.17 views

[SECURITY] Fedora 43 Update: dovecot-2.4.4-1.fc43

Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages...

9.1CVSS5.9AI score0.00667EPSS
Exploits1
Rows per page
Query Builder