rpm package
suse/dovecot23&distro=SUSE Manager Retail Branch Server 4.0
pkg:rpm/suse/dovecot23&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-28200 | — | < 2.3.15-27.3 | 2.3.15-27.3 | Jun 28, 2021 | The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension. | ||
| CVE-2021-33515 | — | < 2.3.11.3-24.1 | 2.3.11.3-24.1 | Jun 28, 2021 | The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address. | ||
| CVE-2021-29157 | — | < 2.3.11.3-24.1 | 2.3.11.3-24.1 | Jun 28, 2021 | Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver. |
- CVE-2020-28200Jun 28, 2021affected < 2.3.15-27.3fixed 2.3.15-27.3
The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension.
- CVE-2021-33515Jun 28, 2021affected < 2.3.11.3-24.1fixed 2.3.11.3-24.1
The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.
- CVE-2021-29157Jun 28, 2021affected < 2.3.11.3-24.1fixed 2.3.11.3-24.1
Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver.