Max CVSS 7.5 Min CVSS 4.9 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2020-12674 5.0
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
03-02-2023 - 02:23 12-08-2020 - 16:15
CVE-2020-10967 5.0
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.
13-10-2020 - 22:15 18-05-2020 - 15:15
CVE-2020-12674 5.0
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
25-09-2020 - 19:15 12-08-2020 - 16:15
CVE-2020-10967 5.0
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.
25-09-2020 - 19:15 18-05-2020 - 15:15
CVE-2020-10957 5.0
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.
28-05-2020 - 04:15 18-05-2020 - 14:15
CVE-2019-11500 7.5
In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
06-09-2019 - 15:15 29-08-2019 - 14:15
CVE-2019-3814 4.9
It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.
14-06-2019 - 03:29 27-03-2019 - 13:29
Back to Top Mark selected
Back to Top