| Max CVSS | 7.5 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2020-12674 | 5.0 |
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
|
03-02-2023 - 02:23 | 12-08-2020 - 16:15 | |
| CVE-2020-10967 | 5.0 |
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.
|
13-10-2020 - 22:15 | 18-05-2020 - 15:15 | |
| CVE-2020-12674 | 5.0 |
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
|
25-09-2020 - 19:15 | 12-08-2020 - 16:15 | |
| CVE-2020-10967 | 5.0 |
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.
|
25-09-2020 - 19:15 | 18-05-2020 - 15:15 | |
| CVE-2020-10957 | 5.0 |
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.
|
28-05-2020 - 04:15 | 18-05-2020 - 14:15 | |
| CVE-2019-11500 | 7.5 |
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
|
06-09-2019 - 15:15 | 29-08-2019 - 14:15 | |
| CVE-2019-3814 | 4.9 |
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.
|
14-06-2019 - 03:29 | 27-03-2019 - 13:29 | |
| CVE-2019-7524 | 7.2 |
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.
|
14-06-2019 - 03:29 | 28-03-2019 - 14:29 | |
| CVE-2014-3430 | 5.0 |
Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an I
|
29-12-2017 - 02:29 | 14-05-2014 - 19:55 | |
| CVE-2011-1929 | 5.0 |
lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a cr
|
17-08-2017 - 01:34 | 24-05-2011 - 23:55 | |
| CVE-2011-4318 | 5.8 |
Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows
|
07-03-2013 - 05:00 | 07-03-2013 - 01:55 | |
| CVE-2010-3780 | 4.0 |
Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
|
27-08-2011 - 03:44 | 06-10-2010 - 21:00 |