from 0, < 2.3.7.2-r0
HIGH8.8CVE-2022-30550An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. from 0, < 2.3.19.1-r5
HIGH8.2CVE-2026-24031Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. from 0, < 2.4.3-r0
HIGH7.8dovecot - security update
from 0, < 2.3.5.1-r0
HIGH7.5Sending "NOOP (((...)))" command with 4000 parenthesis open+close results in ~1MB extra memory usage.
from 0, < 2.4.3-r0
HIGH7.5When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fa…
from 0, < 2.4.3-r0
HIGH7.5Very large headers can cause resource exhaustion when parsing message.
from 0, < 2.3.21.1-r0
HIGH7.5Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message wit…
from 0, < 2.3.13-r0
HIGH7.5In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
from 0, < 2.3.10.1-r1
HIGH7.5In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
from 0, < 2.3.10.1-r1
HIGH7.5dovecot - security update
from 0, < 2.3.11.3-r0
HIGH7.5dovecot - security update
from 0, < 2.3.10.1-r0
HIGH7.5lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrate…
from 0, < 2.3.10.1-r0
HIGH7.5In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during th…
from 0, < 2.3.6-r0
HIGH7.5In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured c…
from 0, < 2.3.6-r0
HIGH7.5The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate wi…
from 0, < 2.3.6-r0
HIGH7.5A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0.
from 0, < 2.3.1-r0
HIGH7.4dovecot - security update
from 0, < 2.4.2-r0
HIGH7.1dovecot - security update
from 0, < 2.3.1-r0
MEDIUM6.8dovecot - security update
from 0, < 2.3.13-r0
MEDIUM6.8dovecot - security update
from 0, < 2.3.4.1-r0
MEDIUM5.9Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack.
from 0, < 2.4.3-r0
MEDIUM5.9Dovecot OTP authentication is vulnerable to replay attack under specific conditions.
from 0, < 2.4.3-r0
MEDIUM5.9A denial of service flaw was found in dovecot before 2.2.34.
from 0, < 2.3.1-r0
MEDIUM5.5Dovecot before 2.3.15 allows ../ Path Traversal.
from 0, < 2.3.15-r0
MEDIUM5.3If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication.
from 0, < 2.4.3-r0
MEDIUM5.3A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU.
from 0, < 2.4.3-r0
MEDIUM5.3In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpa…
from 0, < 2.3.10.1-r0
MEDIUM5.3In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or…
from 0, < 2.3.10.1-r0
MEDIUM5.3The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the…
from 0, < 2.3.10.1-r0
MEDIUM5.3In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because…
from 0, < 2.3.9.2-r0
MEDIUM5.0dovecot - security update
from 0, < 2.3.21.1-r0
MEDIUM4.8dovecot - security update
from 0, < 2.3.15-r0
MEDIUM4.3Dovecot has provided a script to use for attachment to text conversion.
from 0, < 2.4.3-r0