Vulnerabilities > Dovecot > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-28 | CVE-2020-28200 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension. | 4.3 |
| 2021-06-28 | CVE-2021-33515 | Command Injection vulnerability in multiple products The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. | 4.8 |
| 2021-06-28 | CVE-2021-29157 | Path Traversal vulnerability in multiple products Dovecot before 2.3.15 allows ../ Path Traversal. | 5.5 |
| 2021-01-04 | CVE-2020-24386 | An issue was discovered in Dovecot before 2.3.13. | 6.8 |
| 2020-05-18 | CVE-2020-10967 | Improper Input Validation vulnerability in Dovecot In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart. | 5.3 |
| 2020-05-18 | CVE-2020-10958 | Use After Free vulnerability in Dovecot In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command. | 5.3 |
| 2020-02-12 | CVE-2020-7957 | Improper Input Validation vulnerability in multiple products The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. | 5.3 |
| 2019-12-13 | CVE-2019-19722 | NULL Pointer Dereference vulnerability in multiple products In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. | 5.3 |
| 2019-03-27 | CVE-2019-3814 | Improper Certificate Validation vulnerability in multiple products It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. | 6.8 |
| 2018-03-02 | CVE-2017-15130 | A denial of service flaw was found in dovecot before 2.2.34. | 5.9 |