Download
| Alert*
oval:org.secpod.oval:def:503580
Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix: * dovecot: ... oval:org.secpod.oval:def:503389 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix: * dovecot: ... oval:org.secpod.oval:def:70614 halfdog discovered an authentication bypass vulnerability in the Dovecot email server. Under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. If there is no additional password verification, this allows the attacker to login as anyone else in ... oval:org.secpod.oval:def:66471 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix: * dovecot: ... oval:org.secpod.oval:def:89003193 This update for dovecot22 fixes the following issues: Security issues fixed: - CVE-2019-7524: Fixed an improper file handling which could result in stack overflow allowing local root escalation . - CVE-2019-3814: Fixed a vulnerability related to SSL client certificate authentication . Other issue fi ... oval:org.secpod.oval:def:116838 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. oval:org.secpod.oval:def:1601131 In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components. It was discovered that Dovecot before versions 2.2.36.1 an ... oval:org.secpod.oval:def:116759 Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages. oval:org.secpod.oval:def:1504508 [1:2.2.36-10] - fix CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes [1:2.2.36-9] - reset errno before iterating through users [1:2.2.36-8] - fix CVE-2019-3814: improper certificate validation ... oval:org.secpod.oval:def:704485 dovecot: IMAP and POP3 email server Dovecot could be made to expose sensitive information over the network. oval:org.secpod.oval:def:603628 halfdog discovered an authentication bypass vulnerability in the Dovecot email server. Under some configurations Dovecot mistakenly trusts the username provided via authentication instead of failing. If there is no additional password verification, this allows the attacker to login as anyone else in ... oval:org.secpod.oval:def:205525 Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Security Fix: * dovecot: ... oval:org.secpod.oval:def:51212 dovecot: IMAP and POP3 email server Dovecot could be made to expose sensitive information over the network. oval:org.secpod.oval:def:1700381 In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components. It was discovered that Dovecot before versions 2.2.36.1 an ... oval:org.secpod.oval:def:1504402 [1:2.2.36-6] - fix CVE-2019-11500: IMAP protocol parser does not properly handle NUL byte when scanning data in quoted strings, leading to out of bounds heap memory writes [1:2.2.36-5] - fix CVE-2019-3814: improper certificate validation - fix CVE-2019-7524: buffer overflow in indexer-worker proce ... |