FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-20 14:15:46 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6a6ad6cb-5c6c-11ef-b456-001e676bf734Dovecot -- DoS

Dovecot reports:

A DoS is possible with a large number of address headers or abnormally large email headers.


Discovery 2024-08-14
Entry 2024-08-16
dovecot
< 2.3.21.1

CVE-2024-23184
CVE-2024-23185
https://dovecot.org/mailman3/hyperkitty/list/dovecot-news@dovecot.org/thread/2CSVL56LFPAXVLWMGXEIWZL736PSYHP5/
d18f431d-d360-11eb-a32c-00a0989e4ec1dovecot -- multiple vulnerabilities

Dovecot team reports:

CVE-2021-29157: Dovecot does not correctly escape kid and azp fields in JWT tokens. This may be used to supply attacker controlled keys to validate tokens in some configurations. This requires attacker to be able to write files to local disk.

CVE-2021-33515: On-path attacker could inject plaintext commands before STARTTLS negotiation that would be executed after STARTTLS finished with the client. Only the SMTP submission service is affected.


Discovery 2021-03-22
Entry 2021-06-22
dovecot
>= 2.3.11 lt 2.3.14.1

CVE-2021-29157
https://dovecot.org/pipermail/dovecot-news/2021-June/000461.html
CVE-2021-33515
https://dovecot.org/pipermail/dovecot-news/2021-June/000462.html