Lucene search
K

30 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Firefox and Thunderbird

When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with the expected state of the cookie jar. This could result in requests being sent with some cookies missing. This vulnerability affects Firefox 116, Firefox ESR...

7.5CVSS6.7AI score0.00614EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/15 12:0 a.m.9 views

Debian dla-4556 : dovecot-auth-lua - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4556 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4556-1 [email protected]...

7.5CVSS5.5AI score0.0079EPSS
Exploits6References18
Packet Storm
Packet Storm
added 2026/04/22 12:0 a.m.110 views

📄 Dovecot passwd-file Path Traversal

This Metasploit auxiliary module targets a path traversal vulnerability in Dovecot's passwd-file authentication backend when per-domain configuration is enabled. ================================================================================================================================== |...

5.3CVSS5.7AI score0.00427EPSS
Exploits1
OSV
OSV
added 2026/04/11 2:3 p.m.6 views

OESA-2026-1849 dovecot security update

Dovecot is an IMAP server for Linux/UNIX-like systemsa wrapper package that will just handle common things for all versioned dovecot packages. Security Fixes: Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can u...

7.5CVSS5.8AI score0.0079EPSS
Exploits6References9
NVD
NVD
added 2026/04/02 9:16 a.m.2 views

CVE-2026-29134

SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass per-domain restrictions...

7.5CVSS0.00225EPSS
Exploits0References1
CVE
CVE
added 2026/04/02 8:29 a.m.11 views

CVE-2026-29134

SEPPmail Secure Email Gateway is affected prior to version 15.0.3. The issue allows an external user to modify GINA webdomain metadata and bypass per‑domain restrictions, arising from the ability to change GINA metadata rather than a broader exploit chain. Documents consistently describe the vuln...

7.5CVSS5.9AI score0.00225EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/28 6:29 p.m.10 views

SUSE CVE-2026-0394

When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd or some other pa...

5.3CVSS5.7AI score0.00427EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/27 9:31 a.m.3 views

EUVD-2026-16559

When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd or some other pa...

5.3CVSS5.7AI score0.00427EPSS
Exploits1References2
NVD
NVD
added 2026/03/27 9:16 a.m.3 views

CVE-2026-0394

When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd or some other pa...

5.3CVSS0.00427EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/03/27 8:10 a.m.8 views

CVE-2026-0394

When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd or some other pa...

5.3CVSS5.3AI score0.00427EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/27 8:10 a.m.27 views

CVE-2026-0394

When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd or some other pa...

5.3CVSS0.00427EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/27 8:10 a.m.6 views

CVE-2026-0394

When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd or some other pa...

5.3CVSS5.7AI score0.00427EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 8:10 a.m.7 views

CVE-2026-0394

When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd or some other pa...

5.3CVSS5.7AI score0.00427EPSS
Exploits1References2
CVE
CVE
added 2026/03/27 8:10 a.m.40 views

CVE-2026-0394

Dovecot is affected when per-domain passwd files are configured and placed one path component above /etc, or when a slash is added to allowed characters, allowing path traversal via a domain component that is a directory partial. This can enable reading /etc/passwd (or other paths ending with pas...

5.3CVSS5.7AI score0.00427EPSS
Exploits1References1Affected Software2
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.8 views

Open-Xchange OX Dovecot Pro 安全漏洞

Open-Xchange OX Dovecot Pro is an email storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a security vulnerability, which stems from the use of passwd files for each domain. This configuration allows for path traversal attacks, potentially...

5.3CVSS5.8AI score0.00427EPSS
Exploits1References1
OSV
OSV
added 2026/03/27 12:0 a.m.2 views

UBUNTU-CVE-2026-0394

When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd or some other pa...

5.3CVSS5.7AI score0.00427EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/03/27 12:0 a.m.4 views

CVE-2026-0394

When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the domain component is directory partial. This allows inadvertently reading /etc/passwd or some other pa...

5.3CVSS5.8AI score0.00427EPSS
Exploits1References3
AstraLinux
AstraLinux
added 2026/01/13 2:1 p.m.3 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: xen/events: Return -EEXIST for bound VIRQs Change findvirq to return -EEXIST when a VIRQ is bound to a different CPU than the one passed in. Remove the BUGON function from bindvirqtoirq to propagate the error upwards. Some VIRQs...

5.6AI score0.00166EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/12 12:30 p.m.9 views

EUVD-2025-124923

In the Linux kernel, the following vulnerability has been resolved: xen/events: Return -EEXIST for bound VIRQs Change findvirq to return -EEXIST when a VIRQ is bound to a different CPU than the one passed in. With that, remove the BUGON from bindvirqtoirq to propogate the error upwards. Some VIRQ...

5.7AI score0.00166EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/11/12 10:24 a.m.13 views

CVE-2025-40160 xen/events: Return -EEXIST for bound VIRQs

In the Linux kernel, the following vulnerability has been resolved: xen/events: Return -EEXIST for bound VIRQs Change findvirq to return -EEXIST when a VIRQ is bound to a different CPU than the one passed in. With that, remove the BUGON from bindvirqtoirq to propogate the error upwards. Some VIRQ...

0.00166EPSS
Exploits0References4
Rows per page
Query Builder