Red Hat Security Advisory 2020-4655-01 - The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. Issues addressed include bypass and privilege escalation vulnerabilities.
351b1e471e4038244a22555e9ae5e3516d9d76c701f6e5c112212a28d3c5a7d5Ubuntu Security Notice 4598-1 - It was discovered that LibEtPan incorrectly handled STARTTLS when using IMAP, SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack.
d19bb3d7c5778cad2232b0d3f1d4767258f76d7dff5b87c5147ddaeec6110b97Ubuntu Security Notice 4566-1 - It was discovered that Cyrus IMAP Server could execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code. It was discovered that the Cyrus IMAP Server allow users to create any mailbox with administrative privileges. A local attacker could use this to obtain sensitive information. Various other issues were also addressed.
b29e714d866e6ec6075866950847cbd51cb8d46269dd8a4d6182d91d2d346043Red Hat Security Advisory 2020-3736-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include a resource exhaustion vulnerability.
f2f761dd7dde49bfd4aa597adb004d01505647c371efea19e6e4504615a4b0aaRed Hat Security Advisory 2020-3735-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include a resource exhaustion vulnerability.
dd5369db54a4b97a48e0ec79ac558ed78b8cc59d447c2e0929f168ab5654f573Red Hat Security Advisory 2020-3713-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include a resource exhaustion vulnerability.
fb59fad9d07e625d5f38b44bf743d2a63224244c690ddb5fc7e29a99b4d2b051Red Hat Security Advisory 2020-3617-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include a resource exhaustion vulnerability.
3e7cf4227b43d701bce0f2c45f34690a4bc28657983ceb7b548761524b3dd143Debian Linux Security Advisory 4744-1 - It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, is prone to cross-site scripting vulnerabilities in handling invalid svg and math tag content.
1cd30b3d54f45f2e18cfaf9ea71c657a8c040777efe171720fd0843567fa80a8THC-Hydra is a high quality parallelized login hacker for Samba, Smbnt, Cisco AAA, FTP, POP3, IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS, Cisco and more. Includes SSL support, parallel scans, and is part of Nessus.
ce08a5148c0ae5ff4b0a4af2f7f15c5946bc939a57eae1bbb6dda19f34410273Debian Linux Security Advisory 4720-1 - It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not properly sanitize incoming mail messages. This would allow a remote attacker to perform a Cross-Side Scripting (XSS) attack.
a1082ac356bdf794a43089699725458da901a1052513fa58393c6091380b3db2Red Hat Security Advisory 2020-2901-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include a denial of service vulnerability.
5388b840d07a416917d8e654fc7d471e63221776509c441b201c96ca12a3a5efUbuntu Security Notice 4421-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. It was discovered that Thunderbird would continue an unencrypted connection when configured to use STARTTLS for IMAP if the server responded with PREAUTH. A remote attacker could potentially exploit this to perform a person-in-the-middle attack in order to obtain sensitive information. Various other issues were also addressed.
e29ba156301d1adef5ee70accc941815f87182af2911cd015ba0d303ce8a38ffDebian Linux Security Advisory 4700-1 - Matei Badanoiu and LoRexxar@knownsec discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow a remote attacker to perform a Cross-Side Scripting (XSS) attack leading to the execution of arbitrary code.
b99b9b11ff30b56084ed6513563f9c002ec060e4d60de71d6f65480ab9c34ebaDebian Linux Security Advisory 4702-1 - Multiple security issues have been found in Thunderbird which could result in the setup of a non-encrypted IMAP connection, denial of service or potentially the execution of arbitrary code.
d513edf1d7468e2dab27753b936d34950fbe909c5cde81e5cccba7e63432acc9Gentoo Linux Security Advisory 202006-23 - An error in Cyrus IMAP Server allows mailboxes to be created with administrative privileges. Versions less than 3.0.13 are affected.
1e7bbbfed2c2de886311d93aac435e0c81676a96a5713624632764df5154c6ffDebian Linux Security Advisory 4674-1 - It was discovered that roundcube, a skinnable AJAX based webmail solution for IMAP servers, did not correctly process and sanitize requests. This would allow a remote attacker to perform either a Cross-Site Request Forgery (CSRF) forcing an authenticated user to be logged out, or a Cross-Side Scripting (XSS) leading to execution of arbitrary code.
1a0e4fd0c77e5eb1e095f0a4465f6f037d2438c0aa3169e10e182197a9f7487eRed Hat Security Advisory 2020-1062-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include a buffer overflow vulnerability.
1517dbf1863f00fb4691f1e13a0cdc1507d4badbd0e6e5642066299d6a0fc9c0Red Hat Security Advisory 2020-1126-01 - Mutt is a low resource, highly configurable, text-based MIME e-mail client. Mutt supports most e-mail storing formats, such as mbox and Maildir, as well as most protocols, including POP3 and IMAP. Issues addressed include a traversal vulnerability.
51da40e755d924d1a9576563d313463825ae27b0743c72e3acae30aa90da2638Debian Linux Security Advisory 4590-1 - It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the "fileinto" was used, bypassing ACL checks.
7499dbe419697acfe2027ceca0aba6b752a7e8780a14c7275faefccefb192664Red Hat Security Advisory 2019-3467-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. An improper certificate validation flaw was addressed.
8027c31b4c10faece7b28da784f2a6a05ab98330fb28f169af820461e3f809abUbuntu Security Notice 4160-1 - It was discovered that UW IMAP incorrectly handled inputs. A remote attacker could possibly use this issue to execute arbitrary OS commands.
f9b592cd57c66a41cc2572df5f2ffeecfd664269e7de497697149a9115f866a9Red Hat Security Advisory 2019-2885-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include an out of bounds write vulnerability.
9fd2c275018a733cb0c3bfff40805dbf55029a0ac78e0633b48964b677b6156cRed Hat Security Advisory 2019-2836-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include an out of bounds write vulnerability.
a9cc8d9231e99e2caa2a016b2b5c2aefe8c8ab89d85e66e08bddff1d43b5608bRed Hat Security Advisory 2019-2822-01 - Dovecot is an IMAP server for Linux and other UNIX-like systems, written primarily with security in mind. It also contains a small POP3 server, and supports e-mail in either the maildir or mbox format. The SQL drivers and authentication plug-ins are provided as subpackages. Issues addressed include an out of bounds write vulnerability.
5d98bb169c0022e723dbcc0170c5cc39144a84d85aedfaccd46b356f884baf14Red Hat Security Advisory 2019-2799-01 - Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a focus on high concurrency, performance and low memory usage. Issues addressed include a denial of service vulnerability.
6db2fc5ba5ae499fa0f7a4bbbc155d6d378588483e1d08e6c8fed16e216519c8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed