CVSS: 7.5EPSS: 9%CPEs: 82EXPL: 0CVE-2014-3430 – dovecot: denial of service through maxxing out SSL connections
https://notcve.org/view.php?id=CVE-2014-3430
14 May 2014 — Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection. Dovecot 1.1 anterior a 2.2.13 y dovecot-ee anterior a 2.1.7.7 y 2.2.x anterior a 2.2.12.12 no cierra debidamente conexiones antiguas, lo que permite a atacantes remotos causar una denegación de servicio (consumo de recursos) a través de una ... • http://advisories.mageia.org/MGASA-2014-0223.html • CWE-287: Improper Authentication CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 51EXPL: 0CVE-2013-6171 – Ubuntu Security Notice USN-3556-2
https://notcve.org/view.php?id=CVE-2013-6171
09 Dec 2013 — checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server. checkpassword-reply en Dovecot anteriores a 2.2.7 ejecuta operaciones setuid a usuarios que se están autenticando, lo cual permite a usuarios locales sortear la autenticación y accede... • http://cpanel.net/tsr-2013-0010-full-disclosure • CWE-287: Improper Authentication •