Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dovecot dovecot vulnerabilities and exploits
(subscribe to this query)
490
VMScore
CVE-2017-14461
A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted ema...
Dovecot Dovecot 2.2.33.2
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Ubuntu Ubuntu 14.04
Ubuntu Ubuntu 16.04
Ubuntu Ubuntu 17.10
490
VMScore
CVE-2010-3706
plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x prior to 1.2.15 and 2.0.x prior to 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circ...
Dovecot Dovecot 1.2.2
Dovecot Dovecot 1.2.7
Dovecot Dovecot 1.2.4
Dovecot Dovecot 1.2.9
Dovecot Dovecot 1.2.11
Dovecot Dovecot 1.2.1
Dovecot Dovecot 1.2.13
Dovecot Dovecot 1.2.8
Dovecot Dovecot 1.2.6
Dovecot Dovecot 1.2.5
Dovecot Dovecot 1.2.10
Dovecot Dovecot 1.2.14
Dovecot Dovecot 1.2.3
Dovecot Dovecot 1.2.0
Dovecot Dovecot 1.2.12
Dovecot Dovecot 2.0.4
Dovecot Dovecot 2.0.2
Dovecot Dovecot 2.0.1
Dovecot Dovecot 2.0.3
Dovecot Dovecot 2.0.0
490
VMScore
CVE-2010-3707
plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x prior to 1.2.15 and 2.0.x prior to 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circ...
Dovecot Dovecot 1.2.2
Dovecot Dovecot 1.2.7
Dovecot Dovecot 1.2.4
Dovecot Dovecot 1.2.9
Dovecot Dovecot 1.2.11
Dovecot Dovecot 1.2.1
Dovecot Dovecot 1.2.13
Dovecot Dovecot 1.2.8
Dovecot Dovecot 1.2.6
Dovecot Dovecot 1.2.5
Dovecot Dovecot 1.2.10
Dovecot Dovecot 1.2.14
Dovecot Dovecot 1.2.3
Dovecot Dovecot 1.2.0
Dovecot Dovecot 1.2.12
Dovecot Dovecot 2.0.4
Dovecot Dovecot 2.0.2
Dovecot Dovecot 2.0.1
Dovecot Dovecot 2.0.3
Dovecot Dovecot 2.0.0
446
VMScore
CVE-2020-12100
In Dovecot prior to 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote malicious users to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.
Dovecot Dovecot
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
445
VMScore
CVE-2020-25275
Dovecot prior to 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.
Dovecot Dovecot
Debian Debian Linux 10.0
Fedoraproject Fedora 32
445
VMScore
CVE-2020-26102
In cPanel prior to 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550).
Cpanel Cpanel
445
VMScore
CVE-2020-12673
In Dovecot prior to 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
Dovecot Dovecot
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 20.04
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
445
VMScore
CVE-2020-12674
In Dovecot prior to 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
Dovecot Dovecot
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 20.04
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
445
VMScore
CVE-2020-10967
In Dovecot prior to 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.
Dovecot Dovecot
445
VMScore
CVE-2020-10957
In Dovecot prior to 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.
Dovecot Dovecot
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »