FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
d18f431d-d360-11eb-a32c-00a0989e4ec1dovecot -- multiple vulnerabilities

Dovecot team reports:

CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens in some configurations. This requires attacker to be able to write files to local disk.

CVE-2021-33515: On-path attacker could inject plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client. Only the SMTP submission service is affected.


Discovery 2021-03-22
Entry 2021-06-22
dovecot
ge 2.3.11 lt 2.3.14.1

CVE-2021-29157
https://dovecot.org/pipermail/dovecot-news/2021-June/000461.html
CVE-2021-33515
https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html