Vulnerabilities > Dovecot > Dovecot > 2.2.8

DATE CVE VULNERABILITY TITLE RISK
2019-08-29 CVE-2019-11500 Out-of-bounds Write vulnerability in multiple products
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings.
network
low complexity
dovecot debian fedoraproject CWE-787
critical
 9.8
9.8
2019-04-24 CVE-2019-10691 The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username.
network
low complexity
dovecot opensuse
7.5
7.5
2019-03-28 CVE-2019-7524 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root.
local
low complexity
dovecot debian canonical opensuse CWE-119
7.8
7.8
2019-03-27 CVE-2019-3814 Improper Certificate Validation vulnerability in multiple products
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates.
network
high complexity
dovecot canonical opensuse CWE-295
6.8
6.8
2018-03-02 CVE-2017-15130 A denial of service flaw was found in dovecot before 2.2.34. 4.3
4.3
2018-01-25 CVE-2017-15132 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0.
network
low complexity
dovecot debian canonical CWE-772
5.0
5.0
2017-09-19 CVE-2015-3420 Improper Certificate Validation vulnerability in multiple products
The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures. 		4.3
4.3
2017-02-17 CVE-2016-8652 Improper Input Validation vulnerability in Dovecot
The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows a remote attackers to cause a denial of service (crash) by aborting authentication without setting a username.
network
dovecot CWE-20
4.3
4.3
2014-05-14 CVE-2014-3430 Improper Authentication vulnerability in Dovecot
Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection.
network
low complexity
dovecot CWE-287
5.0
5.0