pkg:Debian/dovecot
96 total CVEs: CRITICAL 4, HIGH 29, MEDIUM 29
All known vulnerabilities
- from 0, < 1:2.2.27-3+deb9u5
- from 0, < 1:2.3.7.2-1
- from 0, < 1:2.2.13-12~deb8u7
- CRITICAL 9.1 CVE-2026-27851: When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabl… (affected: from 0)
- HIGH 8.8 CVE-2022-30550: An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. (affected: from 0, < 1:2.3.13+dfsg1-2+deb11u1)
- HIGH 8.2 CVE-2026-24031: Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. (affected: from 0, < 1:2.4.1+dfsg1-6+deb13u4)
- from 0, < 1:2.2.13-12~deb8u6
- from 0, < 1:2.3.4.1-3
- from 0, < 1:2.2.27-3+deb9u4
- HIGH 7.5 CVE-2026-27858: Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. (affected: from 0, < 1:2.3.13+dfsg1-2+deb11u3)
- HIGH 7.5 CVE-2026-27857: Sending "NOOP (((...)))" command with 4000 parenthesis open+close results in ~1MB extra memory usage. (affected: from 0, < 1:2.3.13+dfsg1-2+deb11u3)
- HIGH 7.5 CVE-2025-59032: ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. (affected: from 0, < 1:2.3.13+dfsg1-2+deb11u3)
- HIGH 7.5 CVE-2025-59028: When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fa… (affected: from 0, < 1:2.4.1+dfsg1-6+deb13u4)
- from 0, < 1:2.3.13+dfsg1-2+deb11u2
- HIGH 7.5 CVE-2020-25275: Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message wit… (affected: from 0, < 1:2.3.13+dfsg1-1)
- HIGH 7.5 CVE-2020-12674: In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. (affected: from 0, < 1:2.3.11.3+dfsg1-1)
- HIGH 7.5 CVE-2020-12673: In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. (affected: from 0, < 1:2.3.11.3+dfsg1-1)
- from 0, < 1:2.3.11.3+dfsg1-1
- from 0, < 1:2.3.4.1-5+deb10u3
- from 0, < 1:2.2.27-3+deb9u6
- from 0, < 1:2.3.4.1-5+deb10u2
- from 0, < 1:2.3.10.1+dfsg1-1
- HIGH 7.5 CVE-2019-11494: In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during th… (affected: from 0, < 1:2.3.4.1-5)
- HIGH 7.5 CVE-2019-11499: In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured c… (affected: from 0, < 1:2.3.4.1-5)
- HIGH 7.5 CVE-2019-10691: The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate wi… (affected: from 0, < 1:2.3.4.1-4)
- from 0, < 1:2.2.27-3
- from 0, < 1:2.2.34-1
- HIGH 7.5 CVE-2008-4577: The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypas… (affected: from 0, < 1:1.0.15-2.2)
- from 0, < 1:2.4.1+dfsg1-6+deb13u1
- from 0, < 1:2.4.1+dfsg1-6+deb13u1
- from 0, < 1:2.1.7-7+deb7u2
- from 0, < 1:2.2.34-1
- from 0, < 1:2.2.13-12~deb8u4
- from 0, < 1:2.2.27-3+deb9u7
- from 0, < 1:2.3.13+dfsg1-1
- from 0, < 1:2.3.4.1-5+deb10u5
- from 0, < 1:2.2.27-3+deb9u3
- from 0, < 1:2.2.13-12~deb8u5
- from 0, < 1:2.3.4.1-1
- MEDIUM 6.5 CVE-2026-40016: Attacker can upload a malicious Sieve script over ManageSieve service (or locally) to bypass configured CPU time limits for Sieve up to 130… (affected: from 0)
- MEDIUM 5.9 CVE-2026-27856: Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. (affected: from 0, < 1:2.3.13+dfsg1-2+deb11u3)
- MEDIUM 5.9 CVE-2026-27855: Dovecot OTP authentication is vulnerable to replay attack under specific conditions. (affected: from 0, < 1:2.3.13+dfsg1-2+deb11u3)
- from 0, < 1:2.2.34-1
- MEDIUM 5.9 CVE-2015-3420: The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allows remote attackers to cause a denial of service (log… (affected: from 0, < 1:2.2.13-12)
- MEDIUM 5.9 CVE-2016-8652: The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows remote attackers to cause a denial of service (crash)… (affected: from 0, < 1:2.2.27-1)
- from 0, < 1:2.3.13+dfsg1-2
- MEDIUM 5.5 CVE-2009-3897: Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to a… (affected: from 0, < 1:1.2.8-1)
- MEDIUM 5.3 CVE-2026-33603: Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. (affected: from 0)
- MEDIUM 5.3 CVE-2026-27860: If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. (affected: from 0, < 1:2.4.1+dfsg1-6+deb13u4)
- MEDIUM 5.3 CVE-2026-27859: A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. (affected: from 0, < 1:2.3.13+dfsg1-2+deb11u3)
- MEDIUM 5.3 CVE-2026-0394: When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added… (affected: from 0, < 1:2.3.13+dfsg1-2+deb11u3)
- MEDIUM 5.3 CVE-2020-10967: In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpa… (affected: from 0, < 1:2.3.10.1+dfsg1-1)
- MEDIUM 5.3 CVE-2020-10958: In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or… (affected: from 0, < 1:2.3.10.1+dfsg1-1)
- from 0, < 1:2.3.13+dfsg1-2+deb11u2
- from 0, < 1:2.3.13+dfsg1-2+deb11u2
- from 0, < 1:2.3.19.1+dfsg1-2.1+deb12u1
- from 0, < 1:2.3.4.1-5+deb10u7
- from 0, < 1:2.3.13+dfsg1-2
- MEDIUM 4.3 CVE-2026-42006: An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. (affected: from 0)
- MEDIUM 4.3 CVE-2026-40020: Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imap_acl_allow_anyone=no. (affected: from 0)
- from 0, < 1:2.3.13+dfsg1-2+deb11u3
- MEDIUM 4.3 CVE-2020-28200: The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular e… (affected: from 0)
- from 0, < 1:1.2.15-7+deb6u1
- from 0, < 1:2.2.13~rc1-1
- from 0, < 1:2.1.7-7+deb7u1
- (no score) CVE-2013-6171: checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass… (affected: from 0, < 1:2.2.9-1)
- (no score) CVE-2011-4318: Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the… (affected: from 0, < 1:2.0.18-1)
- (no score) CVE-2011-2167: script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users… (affected: from 0, < 1:2.0.13-1)
- (no score) CVE-2011-2166: script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticat… (affected: from 0, < 1:2.0.13-1)
- from 0, < 1:2.0.13-1
- from 0, < 1:1.2.15-7
- (no score) CVE-2010-3780: Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously discon… (affected: from 0, < 1:1.2.15-1)
- (no score) CVE-2010-3779: Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace,… (affected: from 0, < 1:1.2.15-1)
- (no score) CVE-2010-3707: plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the… (affected: from 0, < 1:1.2.15-1)
- (no score) CVE-2010-3706: plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the… (affected: from 0, < 1:1.2.15-1)
- (no score) CVE-2010-3304: The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow… (affected: from 0, < 1.2.13-1)
- (no score) CVE-2010-0745: Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long he… (affected: from 0, < 1:1.2.11-1)
- (no score) CVE-2009-3235: Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve,… (affected: from 0, < 1:1.2.1-1)
- from 0, < 1.0.rc15-2etch5
- from 0, < 1:1.2.1-1
- (no score) CVE-2008-5301: Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and mod… (affected: from 0, < 1:1.0.15-2.3)
- (no score) CVE-2008-4907: The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers t… (affected: from 0, < 1:1.1.7-1)
- (no score) CVE-2008-4870: dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows loc… (affected: from 0)
- (no score) CVE-2008-4578: The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorize… (affected: from 0, < 1:1.1.9-1)
- (no score) CVE-2008-1218: Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attac… (affected: from 0, < 1:1.0.13-1)
- from 0, < 1.0.rc15-2etch4
- from 0, < 1:1.0.12-1
- from 0, < 1.0.rc15-2etch3
- from 0, < 1:1.0.10-1
- (no score) CVE-2007-4211: The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2)… (affected: from 0, < 1:1.0.3-2)
- from 0, < 1.0.rc15-2etch1
- from 0, < 1.0.rc29-1
- (no score) CVE-2006-5973: Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable i… (affected: from 0, < 1.0.rc15-1)
- from 0, < 1.0.beta8-1
- from 0, < 0.99.14-1sarge0
- (no score) CVE-2006-0730: Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or h… (affected: from 0, < 1.0.beta3-1)