Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dovecot dovecot - vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-12673
In Dovecot prior to 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
Dovecot Dovecot
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 20.04
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
7.5
CVSSv3
CVE-2020-12674
In Dovecot prior to 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
Dovecot Dovecot
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 20.04
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
5.3
CVSSv3
CVE-2020-10967
In Dovecot prior to 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.
Dovecot Dovecot
7.5
CVSSv3
CVE-2020-10957
In Dovecot prior to 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.
Dovecot Dovecot
5.3
CVSSv3
CVE-2020-10958
In Dovecot prior to 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command.
Dovecot Dovecot
5.3
CVSSv3
CVE-2020-7957
The IMAP and LMTP components in Dovecot 2.3.9 prior to 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of service in which the recipient cannot read all of their messages.
Dovecot Dovecot
Fedoraproject Fedora 30
Fedoraproject Fedora 31
7.5
CVSSv3
CVE-2020-7046
lib-smtp in submission-login and lmtp in Dovecot 2.3.9 prior to 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop.
Dovecot Dovecot
Fedoraproject Fedora 30
Fedoraproject Fedora 31
5.3
CVSSv3
CVE-2019-19722
In Dovecot prior to 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient.
Dovecot Dovecot
Fedoraproject Fedora 30
Fedoraproject Fedora 31
3.3
CVSSv3
CVE-2016-4983
A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.
Dovecot Dovecot -
Opensuse Leap 42.1
Opensuse Leap 42.2
Opensuse Opensuse 13.2
Redhat Enterprise Linux 4.0
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 7.0
9.8
CVSSv3
CVE-2019-11500
In Dovecot prior to 2.2.36.4 and 2.3.x prior to 2.3.7.2 (and Pigeonhole prior to 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
Dovecot Dovecot
Dovecot Pigeonhole
Debian Debian Linux 8.0
Fedoraproject Fedora 30
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »