High

DATE	CVE	VULNERABILITY TITLE	RISK
2019-03-28	CVE-2019-7524	Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. local low complexity dovecot debian canonical opensuse CWE-119	7.8
2018-06-21	CVE-2017-2669	Improper Input Validation vulnerability in multiple products Dovecot before version 2.2.29 is vulnerable to a denial of service. network low complexity dovecot debian CWE-20	7.5
2018-03-02	CVE-2017-14461	Out-of-bounds Read vulnerability in multiple products A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. network low complexity dovecot debian ubuntu CWE-125	7.1
2018-01-25	CVE-2017-15132	Missing Release of Resource after Effective Lifetime vulnerability in multiple products A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. network low complexity dovecot debian canonical CWE-772	7.5
2008-10-15	CVE-2008-4577	Incorrect Authorization vulnerability in multiple products The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions. network low complexity dovecot fedoraproject opensuse canonical CWE-863	7.5