Vulnerabilities > Alpine Project > Alpine > 2.20.14
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-03 | CVE-2021-46853 | Unspecified vulnerability in Alpine Project Alpine Alpine before 2.25 allows remote attackers to cause a denial of service (application crash) when LIST or LSUB is sent before STARTTLS. | 5.9 |
| 2021-08-10 | CVE-2021-38370 | Command Injection vulnerability in Alpine Project Alpine In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS. | 5.9 |
| 2020-06-19 | CVE-2020-14929 | Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do. | 7.5 |