Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dovecot dovecot vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-34108
mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for user/server administration. A vulnerability has been discovered in mailcow which allows an malicious user to manipulate internal Dovecot variables by using s...
Mailcow Mailcow\\ Dockerized
8.8
CVSSv3
CVE-2023-26490
mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary permission - suffers from a shell command injection. A malicious user can abuse this...
Mailcow Mailcow\\ Dockerized
8.8
CVSSv3
CVE-2022-30550
An issue exists in the auth component in Dovecot 2.2 and 2.3 prior to 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied setti...
Dovecot Dovecot
Dovecot Dovecot 2.2
Debian Debian Linux 10.0
4.3
CVSSv3
CVE-2020-28200
The Sieve engine in Dovecot prior to 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension.
Dovecot Dovecot
Fedoraproject Fedora 33
Fedoraproject Fedora 34
4.8
CVSSv3
CVE-2021-33515
The submission service in Dovecot prior to 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.
Dovecot Dovecot
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 10.0
5.5
CVSSv3
CVE-2021-29157
Dovecot prior to 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver.
Dovecot Dovecot
Fedoraproject Fedora 33
Fedoraproject Fedora 34
7.5
CVSSv3
CVE-2020-25275
Dovecot prior to 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.
Dovecot Dovecot
Debian Debian Linux 10.0
Fedoraproject Fedora 32
6.8
CVSSv3
CVE-2020-24386
An issue exists in Dovecot prior to 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).
Dovecot Dovecot
Debian Debian Linux 10.0
Fedoraproject Fedora 32
7.5
CVSSv3
CVE-2020-26102
In cPanel prior to 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550).
Cpanel Cpanel
7.5
CVSSv3
CVE-2020-12100
In Dovecot prior to 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote malicious users to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.
Dovecot Dovecot
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »