Vulnerabilities > Dovecot > Dovecot > 2.3.11.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-17 | CVE-2022-30550 | Improper Authentication vulnerability in multiple products An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. | 8.8 |
| 2021-06-28 | CVE-2020-28200 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension. | 4.3 |
| 2021-06-28 | CVE-2021-33515 | Command Injection vulnerability in multiple products The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. | 4.8 |
| 2021-06-28 | CVE-2021-29157 | Path Traversal vulnerability in multiple products Dovecot before 2.3.15 allows ../ Path Traversal. | 5.5 |
| 2021-01-04 | CVE-2020-25275 | Improper Input Validation vulnerability in multiple products Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts. | 7.5 |
| 2021-01-04 | CVE-2020-24386 | An issue was discovered in Dovecot before 2.3.13. | 6.8 |