Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dovecot vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2019-7524
In Dovecot prior to 2.2.36.3 and 2.3.x prior to 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.
Dovecot Dovecot
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Opensuse Leap 42.3
Opensuse Leap 15.0
5
CVSSv2
CVE-2020-12673
In Dovecot prior to 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
Dovecot Dovecot
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 20.04
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
5
CVSSv2
CVE-2020-12674
In Dovecot prior to 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
Dovecot Dovecot
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 20.04
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
5
CVSSv2
CVE-2020-12100
In Dovecot prior to 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote malicious users to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.
Dovecot Dovecot
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
4.4
CVSSv2
CVE-2009-2632
Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 prior to 1.0.4 and 1.1 prior to 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted S...
Cmu Cyrus Imap Server 2.2.13
Cmu Cyrus Imap Server 2.3.14
7.5
CVSSv2
CVE-2006-2753
SQL injection vulnerability in MySQL 4.1.x prior to 4.1.20 and 5.0.x prior to 5.0.22 allows context-dependent malicious users to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the m...
Mysql Mysql 4.1.14
Mysql Mysql 4.1.15
Oracle Mysql 4.1.4
Oracle Mysql 4.1.5
Mysql Mysql 5.0.10
Oracle Mysql 5.0.11
Oracle Mysql 5.0.12
Oracle Mysql 5.0.19
Mysql Mysql 5.0.2
Oracle Mysql 5.0.6
Oracle Mysql 5.0.7
Mysql Mysql 4.1.12
Mysql Mysql 4.1.13
Mysql Mysql 4.1.2
Mysql Mysql 4.1.3
Mysql Mysql 5.0.0
Mysql Mysql 5.0.1
Mysql Mysql 4.1.0
Oracle Mysql 4.1.1
Oracle Mysql 4.1.16
Oracle Mysql 4.1.17
Oracle Mysql 4.1.6
7.5
CVSSv2
CVE-2006-2313
PostgreSQL 8.1.x prior to 8.1.4, 8.0.x prior to 8.0.8, 7.4.x prior to 7.4.13, 7.3.x prior to 7.3.15, and previous versions versions allows context-dependent malicious users to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, a...
Postgresql Postgresql 7.3
Postgresql Postgresql 7.3.2
Postgresql Postgresql 7.3.3
Postgresql Postgresql 7.4.1
Postgresql Postgresql 7.4.10
Postgresql Postgresql 7.4.6
Postgresql Postgresql 7.4.7
Postgresql Postgresql 8.0.4
Postgresql Postgresql 8.0.5
Postgresql Postgresql 7.3.13
Postgresql Postgresql 7.3.14
Postgresql Postgresql 7.3.8
Postgresql Postgresql 7.3.9
Postgresql Postgresql 7.4
Postgresql Postgresql 7.4.4
Postgresql Postgresql 7.4.5
Postgresql Postgresql 8.0.2
Postgresql Postgresql 8.0.3
Postgresql Postgresql 8.1.3
Postgresql Postgresql 7.3.1
Postgresql Postgresql 7.3.10
Postgresql Postgresql 7.3.4
7.5
CVSSv2
CVE-2006-2314
PostgreSQL 8.1.x prior to 8.1.4, 8.0.x prior to 8.0.8, 7.4.x prior to 7.4.13, 7.3.x prior to 7.3.15, and previous versions versions allows context-dependent malicious users to bypass SQL injection protection methods in applications that use multibyte encodings that allow the &quo...
Postgresql Postgresql 7.3
Postgresql Postgresql 7.3.1
Postgresql Postgresql 7.3.3
Postgresql Postgresql 7.3.4
Postgresql Postgresql 7.4.1
Postgresql Postgresql 7.4.10
Postgresql Postgresql 7.4.7
Postgresql Postgresql 7.4.8
Postgresql Postgresql 8.0.5
Postgresql Postgresql 8.0.6
Postgresql Postgresql 7.3.14
Postgresql Postgresql 7.3.2
Postgresql Postgresql 7.3.10
Postgresql Postgresql 7.3.9
Postgresql Postgresql 7.4
Postgresql Postgresql 7.4.5
Postgresql Postgresql 7.4.6
Postgresql Postgresql 8.0.3
Postgresql Postgresql 8.0.4
Postgresql Postgresql 8.1.3
Postgresql Postgresql 7.3.11
Postgresql Postgresql 7.3.5
6.5
CVSSv2
CVE-2017-18389
cPanel prior to 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318).
Cpanel Cpanel
5
CVSSv2
CVE-2020-26102
In cPanel prior to 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550).
Cpanel Cpanel
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »