Dovecot Security Vulnerabilities

CVE-2021-29157

Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver.

7.5 CVSS

5.5 AI Score

0.0005 EPSS

2021-06-28 12:15 PM

CVE-2021-33515

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.

4.8 CVSS

5.6 AI Score

0.004 EPSS

2021-06-28 01:15 PM

CVE-2022-30550

An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead ...

8.8 CVSS

8.6 AI Score

0.004 EPSS

2022-07-17 07:15 PM

Total number of security vulnerabilities: 53