rpm package
suse/dovecot22&distro=SUSE Linux Enterprise Software Development Kit 12 SP1
pkg:rpm/suse/dovecot22&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP1
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2016-4983 | — | < 2.2.13-4.1 | 2.2.13-4.1 | Nov 5, 2019 | A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files. | ||
| CVE-2017-2669 | — | < 2.2.29.1-11.1 | 2.2.29.1-11.1 | Jun 21, 2018 | Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields |
- CVE-2016-4983Nov 5, 2019affected < 2.2.13-4.1fixed 2.2.13-4.1
A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.
- CVE-2017-2669Jun 21, 2018affected < 2.2.29.1-11.1fixed 2.2.29.1-11.1
Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_expand() to perform %variable expansion. Sending specially crafted %variable fields