Dovecot 2.1.5

CPE Details

Dovecot 2.1.5
dovecot
dovecot
2.1.5
2013-03-20
11h56 +00:00
2013-03-20
11h56 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:dovecot:dovecot:2.1.5:*:*:*:*:*:*:*

Informations

Vendor

dovecot

Product

dovecot

Version

2.1.5

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-28200 2021-06-28
10h08 +00:00		 The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension.
4.3
Medium
CVE-2021-33515 2021-06-28
10h04 +00:00		 The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.
4.8
Medium
CVE-2020-25275 2021-01-04
15h19 +00:00		 Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.
7.5
High
CVE-2020-12674 2020-08-12
13h20 +00:00		 In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
7.5
High
CVE-2020-12673 2020-08-12
13h18 +00:00		 In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
7.5
High
CVE-2020-12100 2020-08-12
13h07 +00:00		 In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.
7.5
High
CVE-2020-10967 2020-05-18
12h02 +00:00		 In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.
5.3
Medium
CVE-2020-10958 2020-05-18
12h00 +00:00		 In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command.
5.3
Medium
CVE-2020-10957 2020-05-18
11h56 +00:00		 In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.
7.5
High
CVE-2019-19722 2019-12-13
15h34 +00:00		 In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group address as either the sender or the recipient.
5.3
Medium
CVE-2019-11500 2019-08-29
11h51 +00:00		 In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
9.8
Critical
CVE-2019-10691 2019-04-24
14h49 +00:00		 The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username.
7.5
High
CVE-2019-7524 2019-03-28
12h45 +00:00		 In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing checks in the fts and pop3-uidl components.
8.8
High
CVE-2019-3814 2019-03-27
11h20 +00:00		 It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could possibly use this issue to impersonate other users.
7.7
High
CVE-2017-15130 2018-03-02
15h00 +00:00		 A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and the process to restart.
5.9
Medium
CVE-2017-15132 2018-01-25
20h00 +00:00		 A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performance configuration where same login processes are reused and can cause the process to crash due to memory exhaustion.
7.5
High
CVE-2015-3420 2017-09-19
13h00 +00:00		 The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.
5.9
Medium
CVE-2016-8652 2017-02-16
17h00 +00:00		 The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows a remote attackers to cause a denial of service (crash) by aborting authentication without setting a username.
5.9
Medium
CVE-2013-2111 2014-05-27
13h00 +00:00		 The IMAP functionality in Dovecot before 2.2.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via invalid APPEND parameters.
5
CVE-2014-3430 2014-05-14
17h00 +00:00		 Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consumption) via an incomplete SSL/TLS handshake for an IMAP/POP3 connection.
5
CVE-2013-6171 2013-12-09
10h00 +00:00		 checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server.
5.8