FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-24 18:35:25 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
bd98066d-4ea4-11eb-b412-e86a64caca56 | mail/dovecot -- multiple vulnerabilities
Aki Tuomi reports:
When imap hibernation is active, an attacker can cause Dovecot to
discover file system directory structure and access other users'
emails using specially crafted command.
The attacker must have valid credentials to access the
mail server.
Mail delivery / parsing crashed when the 10 000th MIME part was
message/rfc822 (or if parent was multipart/digest). This happened
due to earlier MIME parsing changes for CVE-2020-12100.
Discovery 2020-08-17 Entry 2021-01-04 dovecot
< 2.3.13
https://dovecot.org/pipermail/dovecot-news/2021-January/000448.html
CVE-2020-24386
CVE-2020-25275
|
87a07de1-e55e-4d51-bb64-8d117829a26a | mail/dovecot -- multiple vulnerabilities
Aki Tuomi reports:
Parsing mails with a large number of MIME parts could
have resulted in excessive CPU usage or a crash due to running out of
stack memory..
Dovecot's NTLM implementation does not correctly check
message buffer size, which leads to reading past allocation which can
lead to crash
lmtp/submission: Issuing the RCPT command with an
address that has the empty quoted string as local-part causes the lmtp
service to crash.
Dovecot's RPA mechanism implementation accepts
zero-length message, which leads to assert-crash later on.
Discovery 2020-04-23 Entry 2020-08-13 dovecot
< 2.3.11
https://dovecot.org/pipermail/dovecot-news/2020-August/000440.html
CVE-2020-12100
CVE-2020-12673
CVE-2020-10967
CVE-2020-12674
|