Vulnerabilities > Dovecot
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-28 | CVE-2019-7524 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. | 7.8 |
| 2019-03-27 | CVE-2019-3814 | Improper Certificate Validation vulnerability in multiple products It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. | 6.8 |
| 2018-06-21 | CVE-2017-2669 | Improper Input Validation vulnerability in multiple products Dovecot before version 2.2.29 is vulnerable to a denial of service. | 5.0 |
| 2018-03-02 | CVE-2017-15130 | A denial of service flaw was found in dovecot before 2.2.34. | 4.3 |
| 2018-03-02 | CVE-2017-14461 | Out-of-bounds Read vulnerability in multiple products A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. | 5.5 |
| 2018-01-25 | CVE-2017-15132 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. | 5.0 |
| 2017-09-19 | CVE-2015-3420 | Improper Certificate Validation vulnerability in multiple products The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures. | 4.3 |
| 2017-02-17 | CVE-2016-8652 | Improper Input Validation vulnerability in Dovecot The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows a remote attackers to cause a denial of service (crash) by aborting authentication without setting a username. | 4.3 |
| 2014-05-27 | CVE-2013-2111 | Improper Input Validation vulnerability in Dovecot The IMAP functionality in Dovecot before 2.2.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via invalid APPEND parameters. | 5.0 |
| 2014-05-14 | CVE-2014-3430 | Improper Authentication vulnerability in Dovecot Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection. | 5.0 |