26 matches found
dovecot: Fix of 2 CVEs
CVE-2026-42006: lib-imap: fix listcountlimit to actually count open '' instead of close '', preventing an imap-login memory-exhaustion DoS that bypassed the CVE-2026-27857 fix...
CLSA-2026-1779360319 dovecot: Fix of CVE-2026-42006
CVE-2026-42006: fix imap-login listcountlimit to actually limit open '' characters; the previous fix limited closing '' instead, leaving the bracing memory exhaustion vector open...
CLSA-2026-1779360288 dovecot: Fix of CVE-2026-42006
CVE-2026-42006: fix imap-login listcountlimit to actually limit open '' characters; the previous fix limited closing '' instead, leaving the bracing memory exhaustion vector open...
dovecot: Fix of CVE-2026-27857
CVE-2026-27857: imap-login: limit IMAP parser open lists to prevent excessive memory usage...
CLSA-2026-1778022490 dovecot: Fix of CVE-2026-27857
CVE-2026-27857: limit number of open IMAP parser lists in imap-login to prevent excessive memory usage DoS via deeply-nested parentheses...
CLSA-2026-1777976700 dovecot: Fix of CVE-2026-27857
CVE-2026-27857: limit the number of open IMAP parser lists in imap-login to prevent excessive memory usage from deeply nested parentheses e.g. NOOP...
CLSA-2026-1777946242 php: Fix of 13 CVEs
CVE-2018-14883: fix int overflow leading to heap overflow in exifthumbnailextract - CVE-2019-6977: fix imagecolormatch out-of-bounds write on heap in GD - CVE-2019-9022: fix memcpy with negative length via crafted DNS response - CVE-2019-9640: fix invalid read in exifprocessSOFn - CVE-2019-11042:...
USN-8136-1: Dovecot vulnerabilities
It was discovered that Dovecot incorrectly handled invalid base64 SASL data. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10. CVE-2025-59028 It was discovered that Dovecot script decode2text.sh incorrectly handled zip files. An attacke...
USN-8136-1 dovecot vulnerabilities
It was discovered that Dovecot incorrectly handled invalid base64 SASL data. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10. CVE-2025-59028 It was discovered that Dovecot script decode2text.sh incorrectly handled zip files. An attacke...
CVE-2026-27857
Sending "NOOP ..." command with 4000 parenthesis open+close results in 1MB extra memory usage. Longer commands will result in client disconnection. This 1 MB can be left allocated for longer time periods by not sending the command ending LF. So attacker could connect possibly from even a single I...
CVE-2026-27857
Sending "NOOP ..." command with 4000 parenthesis open+close results in 1MB extra memory usage. Longer commands will result in client disconnection. This 1 MB can be left allocated for longer time periods by not sending the command ending LF. So attacker could connect possibly from even a single I...
EUVD-2012-2126
Malware in sbrugna...
EUVD-2006-1162
Malware in sbrugna...
EUVD-2010-2817
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2010-2813
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - functions/imapgeneral.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial ...
RHEL 3 : squirrelmail (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 3 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - SquirrelMail: Mail Fetch plugin -- port-scans via non-standard POP3 server ports CVE-2010-1637 -...
Dovecot imap-login TLS Handshake Denial of Service Vulnerability
Dovecot is an open source based on Linux/UNIX-like systems IMAP and POP3 mail server . A denial of service vulnerability exists in Dovecot version 2.2.16 and earlier. Due to an imap-login related error in the program's handling of forced SSLv3 connections. An attacker can exploit the vulnerabilit...
MGASA-2014-0223 Updated dovecot packages fix security vulnerability
Updated dovecot packages fix security vulnerability. Dovecot before 2.2.13 is vulnerable to a DoS attack against imap/pop3-login processes. If SSL/TLS handshake was started but wasn't finished, the login process attempted to eventually forcibly disconnect the client, but failed to do it correctly...
CVE-2012-2124
functions/imapgeneral.php in SquirrelMail, as used in Red Hat Enterprise Linux RHEL 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service disk consumption by making many IMAP login attempts with different usernames, leading to...
Mercur Messaging 2005 - IMAP Login Buffer Overflow (Metasploit)
$Id: mercurlogin.rb 10150 2010-08-25 20:55:37Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/...