| Bug | Description |
|---|
| CVE-2024-23185 | Very large headers can cause resource exhaustion when parsing message. ... |
| CVE-2024-23184 | Having a large number of address headers (From, To, Cc, Bcc, etc.) bec ... |
| CVE-2022-30550 | An issue was discovered in the auth component in Dovecot 2.2 and 2.3 b ... |
| CVE-2021-33515 | The submission service in Dovecot before 2.3.15 allows STARTTLS comman ... |
| CVE-2021-29157 | Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with acce ... |
| CVE-2020-25275 | Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and ... |
| CVE-2020-24386 | An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, ... |
| CVE-2020-12674 | In Dovecot before 2.3.11.3, sending a specially formatted RPA request ... |
| CVE-2020-12673 | In Dovecot before 2.3.11.3, sending a specially formatted NTLM request ... |
| CVE-2020-12100 | In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp ... |
| CVE-2020-10967 | In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash ... |
| CVE-2020-10958 | In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an un ... |
| CVE-2020-10957 | In Dovecot before 2.3.10.1, unauthenticated sending of malformed param ... |
| CVE-2020-7957 | The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle ... |
| CVE-2020-7046 | lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 ... |
| CVE-2019-19722 | In Dovecot before 2.3.9.2, an attacker can crash a push-notification d ... |
| CVE-2019-11500 | In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole be ... |
| CVE-2019-11499 | In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-lo ... |
| CVE-2019-11494 | In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-lo ... |
| CVE-2019-10691 | The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeate ... |
| CVE-2019-7524 | In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker ... |
| CVE-2019-3814 | It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 in ... |
| CVE-2017-15132 | A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SA ... |
| CVE-2017-15130 | A denial of service flaw was found in dovecot before 2.2.34. An attack ... |
| CVE-2017-14461 | A specially crafted email delivered over SMTP and passed on to Dovecot ... |
| CVE-2017-2669 | Dovecot before version 2.2.29 is vulnerable to a denial of service. Wh ... |
| CVE-2016-8652 | The auth component in Dovecot before 2.2.27, when auth-policy is confi ... |
| CVE-2016-4983 | A postinstall script in the dovecot rpm allows local users to read the ... |
| CVE-2015-3420 | The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 ... |
| CVE-2014-3430 | Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x befo ... |
| CVE-2013-6171 | checkpassword-reply in Dovecot before 2.2.7 performs setuid operations ... |
| CVE-2013-2111 | The IMAP functionality in Dovecot before 2.2.2 allows remote attackers ... |
| CVE-2011-4318 | Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostn ... |
| CVE-2011-2167 | script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot ... |
| CVE-2011-2166 | script-login in Dovecot 2.0.x before 2.0.13 does not follow the user a ... |
| CVE-2011-1929 | lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2. ... |
| CVE-2010-4011 | Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memor ... |
| CVE-2010-3780 | Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause ... |
| CVE-2010-3779 | Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admi ... |
| CVE-2010-3707 | plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0 ... |
| CVE-2010-3706 | plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0 ... |
| CVE-2010-3304 | The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to ... |
| CVE-2010-0745 | Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote ... |
| CVE-2010-0535 | Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled ... |
| CVE-2009-3897 | Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of ce ... |
| CVE-2009-3235 | Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1 ... |
| CVE-2009-2632 | Buffer overflow in the SIEVE script component (sieve/script.c), as use ... |
| CVE-2008-5301 | Directory traversal vulnerability in the ManageSieve implementation in ... |
| CVE-2008-4907 | The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the ... |
| CVE-2008-4578 | The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass inte ... |
| CVE-2008-4577 | The ACL plugin in Dovecot before 1.1.4 treats negative access rights a ... |
| CVE-2008-1218 | Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1 ... |
| CVE-2008-1199 | Dovecot before 1.0.11, when configured to use mail_extra_groups to all ... |
| CVE-2007-6598 | Dovecot before 1.0.10, with certain configuration options including us ... |
| CVE-2007-4211 | The ACL plugin in Dovecot before 1.0.3 allows remote authenticated use ... |
| CVE-2007-2231 | Directory traversal vulnerability in index/mbox/mbox-storage.c in Dove ... |
| CVE-2006-5973 | Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and ... |
| CVE-2006-2414 | Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows r ... |
| CVE-2006-0730 | Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow ... |