Vulnerabilities > Dovecot > Dovecot > 2.1.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-08-29 | CVE-2019-11500 | Out-of-bounds Write vulnerability in multiple products. In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. | 9.8 |
2019-04-24 | CVE-2019-10691 | The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username. | 7.5 |
2019-03-28 | CVE-2019-7524 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. | 7.8 |
2019-03-27 | CVE-2019-3814 | Improper Certificate Validation vulnerability in multiple products. It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. | 6.8 |
2018-03-02 | CVE-2017-15130 | A denial of service flaw was found in Dovecot before 2.2.34. | 4.3 |
2018-01-25 | CVE-2017-15132 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products. A flaw was found in Dovecot 2.0 up to 2.2.33 and 2.3.0. | 5.0 |
2017-09-19 | CVE-2015-3420 | Improper Certificate Validation vulnerability in multiple products. The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allows remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures. | 4.3 |
2017-02-17 | CVE-2016-8652 | Improper Input Validation vulnerability in Dovecot. The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows remote attackers to cause a denial of service (crash) by aborting authentication without setting a username. | 4.3 |
2014-05-27 | CVE-2013-2111 | Improper Input Validation vulnerability in Dovecot. The IMAP functionality in Dovecot before 2.2.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via invalid APPEND parameters. | 5.0 |
2014-05-14 | CVE-2014-3430 | Improper Authentication vulnerability in Dovecot. Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 do not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection. | 5.0 |