102 matches found
UBUNTU-CVE-2021-32055
Mutt 1.11.0 through 2.0.x before 2.0.7 and NeoMutt 2019-10-25 through 2021-05-04 has a $imapqresync issue in which imap/util.c has an out-of-bounds read in situations where an IMAP sequence set ends with a comma. NOTE: the $imapqresync setting for QRESYNC is not enabled by default...
DEBIAN-CVE-2021-20247
A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the...
TurkeyBombing Puts New Twist on Zoom Abuse
Millions of family and friends, forced to spend Thanksgiving socially distant, are being targeted by cybercriminals as they turn to video platforms like Zoom to virtually be together. In this ongoing attack, cybersecurity experts warn, victims are targeted with a Zoom-related and...
USN-4598-1 libetpan vulnerability
It was discovered that LibEtPan incorrectly handled STARTTLS when using IMAP, SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack. CVE-2020-15953...
UBUNTU-CVE-2020-12398
If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird 68.9.0...
dovecot security and bug fix update
1:2.2.36-6 - fix CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes 1741787 1:2.2.36-5 - fix CVE-2019-3814: improper certificate validation 1674369 - fix CVE-2019-7524: buffer overflow in...
Fedora Update for imapfilter FEDORA-2019-90925dd5aa
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 31 Update: imapfilter-2.6.15-1.fc31
IMAPFilter is a mail filtering utility. It connects to remote mail servers using the Internet Message Access Protocol IMAP, sends searching queries to the server and processes mailboxes based on the results. It can be used to delete, copy, move, flag, etc. messages residing in mailboxes at the sa...
dovecot security and bug fix update
1:2.2.36-10 - fix CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes 1741788 1:2.2.36-9 - reset errno before iterating through users 1630410 1:2.2.36-8 - fix CVE-2019-3814: improper certificate...
OPENSUSE-SU-2019:2281-1 Security update for dovecot23
This update for dovecot23 fixes the following issues: - CVE-2019-11500: Fixed the NUL byte handling in IMAP and ManageSieve protocol parsers. bsc1145559 - CVE-2019-11499: Fixed a vulnerability where the submission-login would crash over a TLS secured channel bsc1133625. - CVE-2019-11494: Fixed a...
SUSE-SU-2019:2514-1 Security update for dovecot23
This update for dovecot23 fixes the following issues: - CVE-2019-11500: Fixed the NUL byte handling in IMAP and ManageSieve protocol parsers. bsc1145559 - CVE-2019-11499: Fixed a vulnerability where the submission-login would crash over a TLS secured channel bsc1133625. - CVE-2019-11494: Fixed a...
SUSE-SU-2019:2454-1 Security update for dovecot22
This update for dovecot22 fixes the following issues: - CVE-2019-11500: Fixed a potential remote code execution in the IMAP and ManageSieve protocol parsers bsc1145559...
dovecot security update
1:2.0.9-22.1 - fix CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes 1752708...
dovecot security update
1:2.2.36-5.1 - fix CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes 1741788...
Important: Red Hat Security Advisory: dovecot security update
An update for dovecot is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
dovecot: improper NULL byte handling in IMAP and ManageSieve protocol parsers leads to out of bounds writes
A flaw was found in dovecot. IMAP and ManageSieve protocol parsers do not properly handle the NULL byte when scanning data in quoted strings which leads to an out of bounds heap memory write. The highest threat from this vulnerability is to data confidentiality and integrity as well as system...
dovecot security update
1:2.2.36-3.1 - fix CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes 1751383...
Fedora 29 : 1:dovecot (2019-59d60bd1fa)
CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has...
MGASA-2019-0261 Updated dovecot packages fix security vulnerability
Updated dovecot packages fix security vulnerability: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes...
[ASA-201908-18] dovecot: arbitrary code execution
Arch Linux Security Advisory ASA-201908-18 ========================================== Severity: Critical Date : 2019-08-28 CVE-ID : CVE-2019-11500 Package : dovecot Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1026 Summary ======= The package dovecot befo...