dovecot vulnerabilities and exploits
5
CVSSv2
CVE-2017-15132
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the pr...
Dovecot Dovecot 2.3.0
Dovecot Dovecot
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
5.8
CVSSv2
CVE-2021-33515
The submission service in Dovecot prior to 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.
Dovecot Dovecot
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 10.0
5
CVSSv2
CVE-2019-11494
In the IMAP Server in Dovecot 2.3.3 up to and including 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command.
Dovecot Dovecot
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.0
Opensuse Leap 15.1
5
CVSSv2
CVE-2019-11499
In the IMAP Server in Dovecot 2.3.3 up to and including 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message.
Dovecot Dovecot
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.0
Opensuse Leap 15.1
5
CVSSv2
CVE-2006-0730
Multiple unspecified vulnerabilities in Dovecot prior to 1.0beta3 allow remote malicious users to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2)...
Timo Sirainen Dovecot
5.5
CVSSv2
CVE-2017-14461
A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted ema...
Dovecot Dovecot 2.2.33.2
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Ubuntu Ubuntu 14.04
Ubuntu Ubuntu 16.04
Ubuntu Ubuntu 17.10
4.3
CVSSv2
CVE-2017-15130
A denial of service flaw was found in dovecot prior to 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and causing the process to restart.
Dovecot Dovecot
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
6.4
CVSSv2
CVE-2008-4577
The ACL plugin in Dovecot prior to 1.1.4 treats negative access rights as if they are positive access rights, which allows malicious users to bypass intended access restrictions.
Dovecot Dovecot
Fedoraproject Fedora 9
Fedoraproject Fedora 8
Opensuse Opensuse 10.3-11.1
Canonical Ubuntu Linux 9.04
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 8.04
4.9
CVSSv2
CVE-2019-3814
Dovecot prior to 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.
Dovecot Dovecot
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 12.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Opensuse Leap 42.3
2.1
CVSSv2
CVE-2016-4983
A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.
Dovecot Dovecot -
Opensuse Leap 42.1
Opensuse Leap 42.2
Opensuse Opensuse 13.2
Redhat Enterprise Linux 4.0
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 7.0