rpm package
suse/dovecot22&distro=SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
pkg:rpm/suse/dovecot22&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-4983 | — | < 2.2.13-4.1 | 2.2.13-4.1 | Nov 5, 2019 | A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. | ||
| CVE-2017-2669 | — | < 2.2.29.1-11.1 | 2.2.29.1-11.1 | Jun 21, 2018 | Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields | ||
| CVE-2017-15132 | — | < 2.2.31-19.5.1 | 2.2.31-19.5.1 | Jan 25, 2018 | A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process |
- CVE-2016-4983Nov 5, 2019affected < 2.2.13-4.1fixed 2.2.13-4.1
A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.
- CVE-2017-2669Jun 21, 2018affected < 2.2.29.1-11.1fixed 2.2.29.1-11.1
Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields
- CVE-2017-15132Jan 25, 2018affected < 2.2.31-19.5.1fixed 2.2.31-19.5.1
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process