Lucene search
GoogleOSV:USN-4993-1HistoryJun 21, 2021 - 1:50 p.m.
dovecot vulnerabilities
2021-06-2113:50:48
Google
osv.dev
12
dovecot
vulnerabilities
jwt tokens
validation
starttls
ubuntu 20.10
ubuntu 21.04
cve-2021-29157
cve-2021-33515
smtp
plaintext commands
Kirin discovered that Dovecot incorrectly escaped kid and azp fields in JWT
tokens. A local attacker could possibly use this issue to validate tokens
using arbitrary keys. This issue only affected Ubuntu 20.10 and Ubuntu
21.04. (CVE-2021-29157)
Fabian Ising and Damian Poddebniak discovered that Dovecot incorrectly
handled STARTTLS when using the SMTP submission service. A remote attacker
could possibly use this issue to inject plaintext commands before
STARTTLS negotiation. (CVE-2021-33515)
Related
nessus
nessus
SUSE SLES15 Security Update : dovecot23 (SUSE-SU-2021:2124-1)
2021-06-28 00:00:00
FreeBSD : dovecot -- multiple vulnerabilities (d18f431d-d360-11eb-a32c-00a0989e4ec1)
2021-06-25 00:00:00
SUSE SLES15 Security Update : dovecot23 (SUSE-SU-2021:2122-1)
2021-06-28 00:00:00
gentoo
gentoo
Dovecot: Multiple vulnerabilities
2021-07-18 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2021:2124-1)
2021-06-23 00:00:00
Ubuntu: Security Advisory (USN-4993-1)
2021-06-22 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:2122-1)
2021-06-23 00:00:00
suse
suse
Security update for dovecot23 (important)
2021-06-25 00:00:00
Security update for dovecot23 (important)
2021-07-11 00:00:00
Security update for dovecot23 (moderate)
2021-09-01 00:00:00
archlinux
archlinux
[ASA-202106-56] dovecot: information disclosure
2021-06-22 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package dovecot version 2.3.16-alt1
2021-08-19 00:00:00
freebsd
freebsd
dovecot -- multiple vulnerabilities
2021-03-22 00:00:00
ubuntu
ubuntu
Dovecot vulnerabilities
2021-06-21 00:00:00
mageia
mageia
Updated dovecot packages fix security vulnerabilities
2021-12-19 15:26:08
fedora
fedora
[SECURITY] Fedora 33 Update: dovecot-2.3.15-1.fc33
2021-07-05 01:36:13
[SECURITY] Fedora 34 Update: dovecot-2.3.15-1.fc34
2021-07-05 01:33:52
ubuntucve
ubuntucve
CVE-2021-33515
2021-06-21 00:00:00
CVE-2021-29157
2021-06-21 00:00:00
alpinelinux
alpinelinux
CVE-2021-33515
2021-06-28 13:15:20
CVE-2021-29157
2021-06-28 12:15:08
redhatcve
redhatcve
CVE-2021-29157
2021-06-21 15:05:59
CVE-2021-33515
2021-06-21 14:59:34
cbl_mariner
cbl_mariner
CVE-2021-33515 affecting package dovecot for versions less than 2.3.20-1
2023-09-28 11:57:58
CVE-2021-29157 affecting package dovecot for versions less than 2.3.20-1
2023-09-28 11:57:58
prion
prion
Command injection
2021-06-28 13:15:00
Path traversal
2021-06-28 12:15:00
nvd
nvd
CVE-2021-29157
2021-06-28 12:15:08
CVE-2021-33515
2021-06-28 13:15:20
hackerone
hackerone
Open-Xchange: Path Traversal in dict-fs and no-check Escape Character in oauth2-jwt
2021-03-22 09:56:04
Open-Xchange: Command Injection via STARTTLS in SMTP
2021-05-21 11:46:11
debiancve
debiancve
CVE-2021-29157
2021-06-28 12:15:08
CVE-2021-33515
2021-06-28 13:15:20
osv
osv
CVE-2021-29157
2021-06-28 12:15:08
Moderate: dovecot security update
2022-05-10 08:08:56
Moderate: dovecot security update
2022-05-10 08:08:56
cvelist
cvelist
CVE-2021-33515
2021-06-28 12:04:59
CVE-2021-29157
2021-06-28 11:58:41
almalinux
almalinux
Moderate: dovecot security update
2022-05-10 08:08:56
cve
cve
CVE-2021-29157
2021-06-28 12:15:08
CVE-2021-33515
2021-06-28 13:15:20
veracode
veracode
Arbitrary File Write
2021-06-23 19:01:08
Command Injection
2021-06-23 18:40:05
redhat
redhat
(RHSA-2022:1950) Moderate: dovecot security update
2022-05-10 08:08:56
rocky
rocky
dovecot security update
2022-05-10 08:08:56
oraclelinux
oraclelinux
dovecot security update
2022-05-17 00:00:00
threatpost
threatpost
Email Bug Allows Message Snooping, Credential Theft
2021-06-22 18:07:54
debian
debian
[SECURITY] [DLA 3122-1] dovecot security update
2022-09-27 04:16:59