Vulnerabilities > Dovecot > Dovecot > 2.3.6

DATE CVE VULNERABILITY TITLE RISK
2020-05-18 CVE-2020-10957 NULL Pointer Dereference vulnerability in Dovecot
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.
network
low complexity
dovecot CWE-476
7.5
7.5
2019-12-13 CVE-2019-19722 NULL Pointer Dereference vulnerability in multiple products
In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference.
network
low complexity
dovecot fedoraproject CWE-476
5.3
5.3
2019-08-29 CVE-2019-11500 Out-of-bounds Write vulnerability in multiple products
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings.
network
low complexity
dovecot debian fedoraproject CWE-787
critical
 9.8
9.8