CVE-2017-14461
- EPSS 16.98%
- Veröffentlicht 02.03.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:12:50
A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs t...
CVE-2017-15132
- EPSS 3.12%
- Veröffentlicht 25.01.2018 20:29:00
- Zuletzt bearbeitet 21.11.2024 03:14:08
A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are re...
CVE-2015-3420
- EPSS 2.84%
- Veröffentlicht 19.09.2017 15:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.
CVE-2016-8652
- EPSS 48.2%
- Veröffentlicht 17.02.2017 02:59:13
- Zuletzt bearbeitet 13.05.2026 00:24:29
The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows a remote attackers to cause a denial of service (crash) by aborting authentication without setting a username.
- EPSS 2.43%
- Veröffentlicht 27.05.2014 14:55:06
- Zuletzt bearbeitet 06.05.2026 22:30:45
The IMAP functionality in Dovecot before 2.2.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via invalid APPEND parameters.
- EPSS 3.33%
- Veröffentlicht 14.05.2014 19:55:13
- Zuletzt bearbeitet 06.05.2026 22:30:45
Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an I...
CVE-2013-6171
- EPSS 1.46%
- Veröffentlicht 09.12.2013 16:36:47
- Zuletzt bearbeitet 29.04.2026 01:13:23
checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descri...
CVE-2011-4318
- EPSS 1.32%
- Veröffentlicht 07.03.2013 01:55:01
- Zuletzt bearbeitet 29.04.2026 01:13:23
Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows...
CVE-2011-2167
- EPSS 2.21%
- Veröffentlicht 24.05.2011 23:55:04
- Zuletzt bearbeitet 16.06.2026 23:30:50
script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
CVE-2011-2166
- EPSS 2.01%
- Veröffentlicht 24.05.2011 23:55:04
- Zuletzt bearbeitet 16.06.2026 23:30:50
script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.