Lucene search
K

19 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.15 views

EUVD-2025-21048

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00166EPSS
Exploits0References1
NVD
NVD
added 2025/07/10 7:15 p.m.30 views

CVE-2025-53709

Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service only installed on a small number of environments. Under specific circumstances, privileged users of secure-upload could have selected email templates not necessarily...

5.4CVSS0.00166EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/10 12:0 a.m.9 views

PT-2025-29134 · Unknown · Secure-Upload

Name of the Vulnerable Software and Affected Versions: Secure-upload versions prior to 0.815.0 Description: Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service was installed on a limited number of environments. Privileged...

5.4CVSS6.4AI score0.00166EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:40 a.m.3 views

SUSE CVE-2021-33515

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address...

4.2CVSS7.4AI score0.02837EPSS
Exploits0References9
OSV
OSV
added 2021/07/17 11:3 a.m.3 views

OESA-2021-1270 dovecot security update

Dovecot is an IMAP server for Linux/UNIX-like systemsa wrapper package that will just handle common things for all versioned dovecot packages. Security Fixes: The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular...

5.8CVSS7.3AI score0.02837EPSS
Exploits0References3
NVD
NVD
added 2021/06/28 1:15 p.m.27 views

CVE-2021-33515

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address...

5.8CVSS0.02837EPSS
Exploits0References6
OSV
OSV
added 2021/06/28 1:15 p.m.1 views

DEBIAN-CVE-2021-33515

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address...

4.8CVSS6.9AI score0.02837EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/06/28 12:4 p.m.28 views

CVE-2021-33515

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address...

6.7AI score0.02837EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2021/06/28 12:4 p.m.28 views

CVE-2021-33515

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address...

5.8CVSS5.9AI score0.02837EPSS
Exploits0
OpenVAS
OpenVAS
added 2021/06/28 12:0 a.m.26 views

Dovecot 2.3.0 - 2.3.14 Information Disclosure Vulnerability

Dovecot is prone to an information disclosure vulnerability. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software;...

5.8CVSS5.4AI score0.02837EPSS
Exploits0References2
Veracode
Veracode
added 2021/06/23 6:40 p.m.28 views

Command Injection

dovecot is vulnerable to command injection. On-path attacker could inject plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client. Only the SMTP submission service is affected...

4.8CVSS3.7AI score0.02837EPSS
Exploits0References9Affected Software1
Ubuntu
Ubuntu
added 2021/06/21 1:50 p.m.122 views

USN-4993-1: Dovecot vulnerabilities

Kirin discovered that Dovecot incorrectly escaped kid and azp fields in JWT tokens. A local attacker could possibly use this issue to validate tokens using arbitrary keys. This issue only affected Ubuntu 20.10 and Ubuntu 21.04. CVE-2021-29157 Fabian Ising and Damian Poddebniak discovered that...

7.5CVSS7.4AI score0.02837EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2021/06/21 12:0 p.m.57 views

CVE-2021-33515

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address...

5.8CVSS6.8AI score0.02837EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/06/21 12:0 a.m.8 views

PT-2021-3385 · Dovecot +9 · Dovecot +9

Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 2.3.15 Description: The issue is related to the submission service in Dovecot, which allows STARTTLS command injection in lib-smtp. This can lead to sensitive information being redirected to an attacker-controlled...

9.8CVSS6.5AI score0.62579EPSS
Exploits15References101
FreeBSD
FreeBSD
added 2021/03/22 12:0 a.m.44 views

dovecot -- multiple vulnerabilities

Dovecot team reports: CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens in some configurations. This requires attacker to be able to write files to local disk. CVE-2021-33515: On-path attacker...

7.5CVSS1.8AI score0.02837EPSS
Exploits0References2
ThreatPost
ThreatPost
added 2020/11/19 9:34 p.m.108 views

German COVID-19 Contact-Tracing Vulnerability Allowed RCE

A security vulnerability in the infrastructure underlying Germany’s official COVID-19 contact-tracing app, called the Corona-Warn-App CWA, would have allowed pre-authenticated remote code execution RCE. Researcher Alvaro Muñoz wrote in a report this week that he and his team at GitHub Security La...

7.8AI score
Exploits0References9
RedHat Linux
RedHat Linux
added 2020/07/13 8:32 p.m.9 views

dovecot: malformed NOOP commands leads to DoS

A flaw was found in Dovecot, where it did not properly handle certain malformed NOOP commands. This flaw allows a malicious attacker to cause the submission, submission-login, or lmtp services to crash by sending specially crafted commands...

7.5CVSS7.1AI score0.07167EPSS
Exploits3References5
Positive Technologies
Positive Technologies
added 2020/05/18 12:0 a.m.9 views

PT-2020-12449 · Dovecot +7 · Dovecot +7

Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 2.3.10.1 Description: A crafted SMTP/LMTP message can trigger an unauthenticated use-after-free bug in submission-login, submission, or lmtp, leading to a crash under circumstances involving many newlines after a...

9.8CVSS6.4AI score0.62579EPSS
Exploits14References88
OSV
OSV
added 2019/05/08 6:29 p.m.1 views

ALPINE-CVE-2019-11494

In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command...

7.5CVSS7AI score0.02433EPSS
Exploits0References1
Rows per page
Query Builder