
14 matches found

CloudLinux
added 2026/05/13 8:59 a.m. | 5 views

dovecot: Fix of CVE-2026-27857

CVE-2026-27857: imap-login: limit IMAP parser open lists to prevent excessive memory usage...

CVSS 7.5 | AI score 5.8 | EPSS 0.00034
Exploits: 1

OSV
added 2026/05/05 10:25 a.m. | 4 views

CLSA-2026-1777976700 dovecot: Fix of CVE-2026-27857

CVE-2026-27857: limit the number of open IMAP parser lists in imap-login to prevent excessive memory usage from deeply nested parentheses e.g. NOOP...

CVSS 7.5 | AI score 5.8 | EPSS 0.00034
Exploits: 1 | References: 1

OSV
added 2026/05/05 1:57 a.m. | 15 views

CLSA-2026-1777946242 php: Fix of 13 CVEs

CVE-2018-14883: fix int overflow leading to heap overflow in exifthumbnailextract - CVE-2019-6977: fix imagecolormatch out-of-bounds write on heap in GD - CVE-2019-9022: fix memcpy with negative length via crafted DNS response - CVE-2019-9640: fix invalid read in exifprocessSOFn - CVE-2019-11042:...

CVSS 8.8 | AI score 7 | EPSS 0.93844
Exploits: 21 | References: 1

OSV
added 2026/03/31 9:48 a.m. | 3 views

USN-8136-1 dovecot vulnerabilities

It was discovered that Dovecot incorrectly handled invalid base64 SASL data. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10. CVE-2025-59028 It was discovered that Dovecot script decode2text.sh incorrectly handled zip files. An attacke...

CVSS 8.2 | AI score 6 | EPSS 0.0009
Exploits: 7 | References: 12

Ubuntu
added 2026/03/31 9:48 a.m. | 4 views

USN-8136-1: Dovecot vulnerabilities

It was discovered that Dovecot incorrectly handled invalid base64 SASL data. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10. CVE-2025-59028 It was discovered that Dovecot script decode2text.sh incorrectly handled zip files. An attacke...

CVSS 8.2 | AI score 6 | EPSS 0.0009
Exploits: 7

Debian CVE
added 2026/03/27 8:10 a.m. | 2 views

CVE-2026-27857

Sending "NOOP ..." command with 4000 parenthesis open+close results in 1MB extra memory usage. Longer commands will result in client disconnection. This 1 MB can be left allocated for longer time periods by not sending the command ending LF. So attacker could connect possibly from even a single I...

CVSS 7.5 | AI score 5.4 | EPSS 0.00034
Exploits: 1

UbuntuCve
added 2026/03/27 12:0 a.m. | 4 views

CVE-2026-27857

Sending "NOOP ..." command with 4000 parenthesis open+close results in 1MB extra memory usage. Longer commands will result in client disconnection. This 1 MB can be left allocated for longer time periods by not sending the command ending LF. So attacker could connect possibly from even a single I...

CVSS 7.5 | AI score 5.9 | EPSS 0.00034
Exploits: 1 | References: 2

Tenable Nessus
added 2024/06/03 12:0 a.m. | 24 views

RHEL 3 : squirrelmail (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 3 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - SquirrelMail: Mail Fetch plugin -- port-scans via non-standard POP3 server ports CVE-2010-1637 -...

CVSS 6.5 | AI score 7 | EPSS 0.02574
Exploits: 0 | References: 2

CNVD
added 2015/04/30 12:0 a.m. | 4 views

Dovecot imap-login TLS Handshake Denial of Service Vulnerability

Dovecot is an open source IMAP and POP3 mail server for Linux/UNIX-like systems. A denial of service vulnerability exists in Dovecot version 2.2.16 and earlier, due to an imap-login related error in the program's handling of forced SSLv3 connections. An attacker can exploit the vulnerabilit...

CVSS 5.9 | AI score 6.7 | EPSS 0.07633
Exploits: 0 | References: 1

OSV
added 2014/05/17 12:38 a.m. | 6 views

MGASA-2014-0223 Updated dovecot packages fix security vulnerability

Updated dovecot packages fix security vulnerability. Dovecot before 2.2.13 is vulnerable to a DoS attack against imap/pop3-login processes. If SSL/TLS handshake was started but wasn't finished, the login process attempted to eventually forcibly disconnect the client, but failed to do it correctly...

CVSS 5 | AI score 6.1 | EPSS 0.08347
Exploits: 0 | References: 5

UbuntuCve
added 2013/01/18 11:48 a.m. | 24 views

CVE-2012-2124

functions/imapgeneral.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to...

CVSS 5 | AI score 5.9 | EPSS 0.00769
Exploits: 0 | References: 2

Exploit DB
added 2010/08/25 12:0 a.m. | 40 views

Mercur Messaging 2005 - IMAP Login Buffer Overflow (Metasploit)

$Id: mercurlogin.rb 10150 2010-08-25 20:55:37Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...

CVSS 10 | AI score 7 | EPSS 0.86521
Exploits: 12

Cvelist
added 2010/08/19 5:43 p.m. | 24 views

CVE-2010-2813

functions/imapgeneral.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences file...

AI score 6.2 | EPSS 0.02574
Exploits: 0 | References: 15

securityvulns
added 2004/04/27 12:0 a.m. | 22 views

eXtremail format string bugs

Format string bug in IMAP LOGIN command...

AI score 1.5
Exploits: 0 | References: 1 | Affected Software: 1