Lucene search
K

16 matches found

OSV
OSV
added 2026/05/08 6:10 a.m.6 views

CLSA-2026-1778220630 dovecot: Fix of 3 CVEs

CVE-2026-27855: fix OTP authentication replay attack via auth cache - CVE-2026-27856: fix doveadm credential timing oracle - CVE-2026-27857: fix excessive memory usage from deeply nested IMAP command lists pre-auth ID command...

7.5CVSS5.8AI score0.00667EPSS
Exploits3References1
OSV
OSV
added 2026/04/16 1:15 p.m.6 views

SUSE-SU-2026:21208-1 Security update for dovecot24

This update for dovecot24 fixes the following issues: - Update to v2.4.3 - CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins bsc1260894. - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. -...

8.2CVSS5.8AI score0.0079EPSS
Exploits6References21
OSV
OSV
added 2026/04/16 1:10 p.m.7 views

OPENSUSE-SU-2026:20554-1 Security update for dovecot24

This update for dovecot24 fixes the following issues: - Update to v2.4.3 - CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins bsc1260894. - CVE-2025-59031: decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing bsc1260895. -...

8.2CVSS5.8AI score0.0079EPSS
Exploits6References20
OSV
OSV
added 2026/04/11 2:3 p.m.6 views

OESA-2026-1849 dovecot security update

Dovecot is an IMAP server for Linux/UNIX-like systemsa wrapper package that will just handle common things for all versioned dovecot packages. Security Fixes: Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can u...

7.5CVSS5.8AI score0.0079EPSS
Exploits6References9
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-27855

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP...

6.8CVSS5.8AI score0.00338EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/03/27 8:10 a.m.3 views

CVE-2026-27855

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP reply is valid. An attacker able to observe an OTP exchange is able to log in as the user. If...

6.8CVSS5.9AI score0.00338EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.6 views

PT-2026-28363

Name of the Vulnerable Software and Affected Versions Dovecot versions prior to 2.4.3 Description Dovecot OTP authentication is susceptible to a replay attack under certain conditions. Specifically, if the authentication cache is enabled and a username is modified within the passdb, OTP credentia...

7.7CVSS5.8AI score0.0079EPSS
Exploits7References31
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-2647

Malware in sbrugna...

8.6CVSS8.5AI score0.0145EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2020-10185

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside...

8.6CVSS7.8AI score0.0145EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2020/03/13 12:0 a.m.25 views

Debian DLA-2141-1 : yubikey-val security update

The following CVEs were reported against yubikey-val. CVE-2020-10184 The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. CVE-2020-10185 The sync endpoint in YubiKey...

8.6CVSS7.7AI score0.01504EPSS
Exploits2References4
OSV
OSV
added 2020/03/05 11:15 p.m.12 views

CVE-2020-10185

The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT...

8.6CVSS8.3AI score
Exploits0References3
Prion
Prion
added 2020/03/05 11:15 p.m.12 views

Default configuration

The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT...

6.8CVSS8.3AI score0.0145EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2020/03/05 11:15 p.m.4 views

UBUNTU-CVE-2020-10185

The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT...

8.6CVSS5.8AI score0.0145EPSS
Exploits1References5
Cvelist
Cvelist
added 2020/03/05 10:48 p.m.21 views

CVE-2020-10185

The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT...

8.3AI score0.0145EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2020/03/05 10:48 p.m.46 views

CVE-2020-10185

Removed by vendor...

8.6CVSS8.6AI score0.0145EPSS
Exploits1
RubySec
RubySec
added 2015/09/17 12:0 a.m.21 views

devise-two-factor 1.1.0 and earlier vulnerable to replay attacks

A OTP replay vulnerability in devise-two-factor 1.1.0 and earlier allows local attackers to shoulder-surf a user's TOTP verification code and use it to login after the user has authenticated. By not "burning" a previously used TOTP, devise-two-factor allows a narrow window of opportunity aka the...

5.3CVSS2.6AI score0.01782EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder