22 matches found
CVE-2026-28471
OpenClaw versions 2026.1.14-1 prior to 2026.2.2, with the Matrix plugin installed and enabled, contain a vulnerability in which DM allowlist matching could be bypassed by exact-matching against sender display names and localparts without homeserver validation. Remote Matrix users can impersonate...
CVE-2026-28471
OpenClaw versions 2026.1.14-1 prior to 2026.2.2, with the Matrix plugin installed and enabled, contain a vulnerability in which DM allowlist matching could be bypassed by exact-matching against sender display names and localparts without homeserver validation. Remote Matrix users can impersonate...
CVE-2026-28471 OpenClaw 2026.1.14-1 < 2026.2.2 - Allowlist Bypass via displayName and Cross-Homeserver localpart Matching in Matrix Plugin
OpenClaw versions 2026.1.14-1 prior to 2026.2.2, with the Matrix plugin installed and enabled, contain a vulnerability in which DM allowlist matching could be bypassed by exact-matching against sender display names and localparts without homeserver validation. Remote Matrix users can impersonate...
CVE-2026-28471
OpenClaw is affected (version 2026.1.14-1 before 2026.2.2) with the Matrix plugin installed. The vulnerability allows bypassing DM allowlist matching by exact-matching sender display names and localparts without homeserver validation, enabling remote Matrix users to impersonate allowed identities...
CVE-2026-28471 OpenClaw 2026.1.14-1 < 2026.2.2 - Allowlist Bypass via displayName and Cross-Homeserver localpart Matching in Matrix Plugin
OpenClaw versions 2026.1.14-1 prior to 2026.2.2, with the Matrix plugin installed and enabled, contain a vulnerability in which DM allowlist matching could be bypassed by exact-matching against sender display names and localparts without homeserver validation. Remote Matrix users can impersonate...
EUVD-2026-9917
OpenClaw versions 2026.1.14-1 prior to 2026.2.2, with the Matrix plugin installed and enabled, contain a vulnerability in which DM allowlist matching could be bypassed by exact-matching against sender display names and localparts without homeserver validation. Remote Matrix users can impersonate...
OpenClaw has a Matrix allowlist bypass via displayName and cross-homeserver localpart matching
Summary: OpenClaw Matrix DM allowlist matching could be bypassed in certain configurations. Matrix support ships as an optional plugin not bundled with the core install, so this only affects deployments that have installed and enabled the Matrix plugin. Affected Packages / Versions: - Package:...
PT-2026-23546
Name of the Vulnerable Software and Affected Versions: OpenClaw versions 2026.1.14-1 through 2026.2.1. Description: The software contains a flaw where direct message (DM) allowlist matching can be circumvented by precisely matching sender display names and localparts without homeserver verification...
SUSE CVE-2020-10967
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart...
dovecot security update
1:2.3.8-4 - fix CVE-2020-12100 resource exhaustion via deeply nested MIME parts 1866756 - fix CVE-2020-12673 out of bound reads in dovecot NTLM implementation 1866761 - fix CVE-2020-12674 crash due to assert in RPA implementation 1866768 1:2.3.8-3 - fix CVE-2020-10957 dovecot: malformed NOOP...
dovecot: sending mail with empty quoted localpart leads to DoS
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart...
Denial Of Service (DoS)
Dovecot is vulnerable to denial of service (DoS). Remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart...
Dovecot Input Validation Error Vulnerability (CNVD-2020-30670)
Dovecot is an open source IMAP and POP3 mail server for Linux/UNIX-like systems. Dovecot suffers from an input validation error vulnerability. An attacker can exploit this vulnerability by sending an email with an empty localpart to cause the local mail transport protocol or the commit...
ALPINE-CVE-2020-10967
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart...
CVE-2020-10967
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart...
DEBIAN-CVE-2020-10967
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart...
Code injection
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart...
CVE-2020-10967
CVE-2020-10967 affects Dovecot before 2.3.10.1. The issue resides in the lmtp/submission path where handling an email with an empty localpart can crash the target, causing denial of service. Public advisories summarize this alongside other fixes for CVEs 10957/10958, with exploitation vector remo...
CVE-2020-10967
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart...
UBUNTU-CVE-2020-10967
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart...