dovecot23 (SUSE:Linux Enterprise Module for Server Applications 15 SP3) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Server Applications 15 SP3 package dovecot23, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2022-30550 — CVSS 8.8 (high): An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the…
CVE-2021-29157 — CVSS 7.5 (high): Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using…
CVE-2021-33515 — CVSS 4.8 (medium): The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to…
CVE-2020-28200 — CVSS 4.3 (medium): The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular…