Max CVSS 7.8 Min CVSS 4.9 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2020-12674 5.0
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
03-02-2023 - 02:23 12-08-2020 - 16:15
CVE-2020-12673 5.0
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
03-02-2023 - 02:22 12-08-2020 - 16:15
CVE-2020-12100 5.0
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.
29-10-2022 - 02:39 12-08-2020 - 16:15
CVE-2020-25275 5.0
Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.
02-09-2022 - 15:46 04-01-2021 - 17:15
CVE-2020-24386 4.9
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).
02-09-2022 - 15:45 04-01-2021 - 17:15
CVE-2020-7957 5.0
The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of service in which the recipient cannot read a
01-01-2022 - 19:51 12-02-2020 - 17:15
CVE-2020-7046 7.8
lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login infinite loop.
30-12-2021 - 19:51 12-02-2020 - 17:15
CVE-2020-10967 5.0
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.
13-10-2020 - 22:15 18-05-2020 - 15:15
CVE-2020-12674 5.0
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
25-09-2020 - 19:15 12-08-2020 - 16:15
CVE-2020-12673 5.0
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
25-09-2020 - 19:15 12-08-2020 - 16:15
CVE-2020-12100 5.0
In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.
25-09-2020 - 19:15 12-08-2020 - 16:15
CVE-2020-10967 5.0
In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.
25-09-2020 - 19:15 18-05-2020 - 15:15
CVE-2020-10957 5.0
In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.
28-05-2020 - 04:15 18-05-2020 - 14:15
CVE-2020-10958 5.0
In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command.
28-05-2020 - 04:15 18-05-2020 - 14:15
CVE-2019-7524 7.2
In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.
14-06-2019 - 03:29 28-03-2019 - 14:29
Back to Top Mark selected
Back to Top