| CVE-2019-3814 |
AVG-872 |
High |
Yes |
Authentication bypass |
A vulnerability has been found in Dovecot versions prior to 2.3.4.1, allowing a remote client in possession of a trusted SSL certificate to log in as any... |
| CVE-2017-2669 |
AVG-238 |
Medium |
Yes |
Denial of service |
A security issue has been found in Dovecot >= 2.2.26 and <= 2.2.28. If the "dict" passdb is used for authentication, the username sent by the client is... |
| CVE-2017-15132 |
AVG-645 |
Medium |
Yes |
Denial of service |
A flaw was found in dovecot before 2.2.34 and 2.3.0.1. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login... |
| CVE-2017-15130 |
AVG-645 |
Medium |
Yes |
Denial of service |
A denial of service flaw was found in dovecot before 2.2.34 and 2.3.0.1. An attacker able to generate random SNI server names could exploit TLS SNI... |
| CVE-2017-14461 |
AVG-645 |
High |
Yes |
Information disclosure |
A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information... |
| CVE-2016-8652 |
AVG-94 |
Medium |
Yes |
Denial of service |
If the auth-policy component has been activated in Dovecot, then a remote user is able to use SASL authentication to crash the auth component. Workaround is... |