Vulnerabilities > Dovecot > Dovecot > 2.2.36.3

DATE CVE VULNERABILITY TITLE RISK
2019-12-13 CVE-2019-19722 NULL Pointer Dereference vulnerability in multiple products
In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference.
network
low complexity
dovecot fedoraproject CWE-476
5.3
5.3
2019-08-29 CVE-2019-11500 Out-of-bounds Write vulnerability in multiple products
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings.
network
low complexity
dovecot debian fedoraproject CWE-787
critical
 9.8
9.8
2019-04-24 CVE-2019-10691 The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username.
network
low complexity
dovecot opensuse
7.5
7.5