Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dovecot dovecot vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2017-15130
A denial of service flaw was found in dovecot prior to 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.
Dovecot Dovecot
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 17.10
4.3
CVSSv2
CVE-2015-3420
The ssl-proxy-openssl.c function in Dovecot prior to 2.2.17, when SSLv3 is disabled, allow remote malicious users to cause a denial of service (login process crash) via vectors related to handshake failures.
Dovecot Dovecot
Fedoraproject Fedora 22
Fedoraproject Fedora 20
Fedoraproject Fedora 21
4.3
CVSSv2
CVE-2010-0433
The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL prior to 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote malicious users to cause a denial of service (NULL pointer derefe...
Openssl Openssl 0.9.8b
Openssl Openssl 0.9.8c
Openssl Openssl 0.9.8e
Openssl Openssl
Openssl Openssl 0.9.8g
Openssl Openssl 0.9.8k
Openssl Openssl 0.9.8d
Openssl Openssl 0.9.8j
Openssl Openssl 0.9.8l
Openssl Openssl 0.9.8a
Openssl Openssl 0.9.8
Openssl Openssl 0.9.8i
Openssl Openssl 0.9.8f
Openssl Openssl 0.9.8h
4.3
CVSSv2
CVE-2008-4907
The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote malicious users to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "...
Dovecot Dovecot 1.1.5
Dovecot Dovecot 1.1.4
1 EDB exploit
4.3
CVSSv2
CVE-2007-5794
Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot...
Nss Ldap Nss Ldap
4.3
CVSSv2
CVE-2007-2231
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot prior to 1.0.rc29, when using the zlib plugin, allows remote malicious users to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
Dovecot Dovecot 1.0.rc20
Dovecot Dovecot 1.0.beta2
Dovecot Dovecot 1.0.beta5
Dovecot Dovecot 1.0.rc15
Dovecot Dovecot 1.0.rc19
Dovecot Dovecot 1.0.rc12
Dovecot Dovecot 1.0.beta4
Dovecot Dovecot 1.0.rc14
Dovecot Dovecot 1.0.beta6
Dovecot Dovecot 1.0.beta9
Dovecot Dovecot 1.0.rc8
Dovecot Dovecot 1.0.rc2
Dovecot Dovecot 1.0.rc25
Dovecot Dovecot 1.0.beta8
Dovecot Dovecot 1.0.beta3
Dovecot Dovecot 1.0.rc16
Dovecot Dovecot 1.0.rc9
Dovecot Dovecot 1.0.rc27
Dovecot Dovecot 1.0.beta1
Dovecot Dovecot 1.0.rc13
Dovecot Dovecot 1.0.rc11
Dovecot Dovecot 1.0.rc6
4
CVSSv2
CVE-2020-28200
The Sieve engine in Dovecot prior to 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension.
Dovecot Dovecot
Fedoraproject Fedora 33
Fedoraproject Fedora 34
4
CVSSv2
CVE-2010-4011
Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a...
Apple Mac Os X Server 10.6.5
4
CVSSv2
CVE-2010-3780
Dovecot 1.2.x prior to 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.
Dovecot Dovecot 1.2.2
Dovecot Dovecot 1.2.7
Dovecot Dovecot 1.2.4
Dovecot Dovecot 1.2.9
Dovecot Dovecot 1.2.11
Dovecot Dovecot 1.2.1
Dovecot Dovecot 1.2.13
Dovecot Dovecot 1.2.8
Dovecot Dovecot 1.2.6
Dovecot Dovecot 1.2.5
Dovecot Dovecot 1.2.10
Dovecot Dovecot 1.2.14
Dovecot Dovecot 1.2.3
Dovecot Dovecot 1.2.0
Dovecot Dovecot 1.2.12
3.5
CVSSv2
CVE-2010-3779
Dovecot 1.2.x prior to 1.2.15 and 2.0.x prior to 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by ...
Dovecot Dovecot 1.2.2
Dovecot Dovecot 1.2.7
Dovecot Dovecot 1.2.4
Dovecot Dovecot 1.2.9
Dovecot Dovecot 1.2.11
Dovecot Dovecot 1.2.1
Dovecot Dovecot 1.2.13
Dovecot Dovecot 1.2.8
Dovecot Dovecot 1.2.6
Dovecot Dovecot 1.2.5
Dovecot Dovecot 1.2.10
Dovecot Dovecot 1.2.14
Dovecot Dovecot 1.2.3
Dovecot Dovecot 1.2.0
Dovecot Dovecot 1.2.12
Dovecot Dovecot 2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »