5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.4 High
AI Score
Confidence
Low
0.038 Low
EPSS
Percentile
91.9%
Software: dovecot 2.2.36
OS: Cobalt 7.9
CVE-ID: CVE-2019-10691
CVE-Crit: HIGH
CVE-DESC: The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly cause the authentication service to fail by attempting to authenticate with an invalid UTF-8 sequence as the username.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2019-19722
CVE-Crit: MEDIUM
CVE-DESC: In Dovecot before 2.3.9.2, an attacker can crash the push notification driver using a crafted email when using push notifications due to dereferencing a NULL pointer. The email must use the group address as the sender or recipient.
CVE-STATUS: Default
CVE-REV: Default
CVE-ID: CVE-2020-10957
CVE-Crit: HIGH
CVE-DESC: In Dovecot before 2.3.10.1, unauthenticated sending of invalid parameters to the NOOP command causes dereferencing of the NULL pointer and failure on send-entry, send, or lmtp.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2020-10958
CVE-Crit: MEDIUM
CVE-DESC: In Dovecot before 2.3.10.1, a crafted SMTP / LMTP message causes an unauthenticated use error after release in submission-login, submission or lmtp and may fail under circumstances that include many newline characters after the command. .
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2020-10967
CVE-Crit: MEDIUM
CVE-DESC: In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash lmtp or the sending process by sending mail with an empty local part.
CVE-STATUS: default
CVE-REV: default
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.4 High
AI Score
Confidence
Low
0.038 Low
EPSS
Percentile
91.9%