CVE Daily
← All tags

Tag: Dovecot

All CVEs associated with "Dovecot". Page 1/1 • 75 CVEs.

About “Dovecot”

A curated feed of “Dovecot”-related CVEs appears below. We currently track 75 CVEs for this tag (all time). In the last 365 days, 7 were published. Average CVSS is 5.9 (all time; 5.4 over 365d), and 29% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-284 - Improper Access Control, CWE-99 - Improper Control of Resource Identifiers ('Resource Injection'), CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection').

In our taxonomy this topic maps to a MODERATE impact class. Mail servers and webmail risk credential theft and data exposure. Patch MTA or IMAP, enforce TLS and auth, lock down admin consoles, and validate anti spam or AV. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

Support & lifecycle: dovecot

This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.

CycleReleaseLatestPremier SupportEOLLTS
2.42.4.4Unavailable-
2.32.3.21.1-
2.22.2.36.4 Expired
2.12.1.16 Expired
2.02.0.15 Expired

Maintained Soon (≤ 180 days) Expired

Subscribe lifecycle: RSS (expired)  ·  ICS

Subscribe CVEs: RSS for “Dovecot”  ·  RSS (High+Critical only)

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2026-05-12
Low

CVE-2026-40020

Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imap_acl_allow_anyone=no. This causes folders to be spammed to all users. The impact is lim…

CVSS: 3.1 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2026-33603

Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the c…

CVSS: 6.8 CWE: CWE-99 - Improper Control of Resource Identifiers ('Resource Injection') View on NVD
2026-03-27
Low

CVE-2026-27860

If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure…

CVSS: 3.7 CWE: CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') View on NVD
Medium

CVE-2026-27855

Dovecot OTP authentication is vulnerable to replay attack under specific conditions. If auth cache is enabled, and username is altered in passdb, then OTP credentials can be cached so that same OTP r…

CVSS: 6.8 CWE: CWE-294 - Authentication Bypass by Capture-replay View on NVD
High

CVE-2026-24031

Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear auth_…

CVSS: 7.7 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
Medium

CVE-2026-0394

When dovecot has been configured to use per-domain passwd files, and they are placed one path component above /etc, or slash has been added to allowed characters, path traversal can happen if the dom…

CVSS: 5.3 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2025-59031

Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended file…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2024-09-10
High

CVE-2024-23185

Very large headers can cause resource exhaustion when parsing message. The message-parser normally reads reasonably sized chunks of the message. However, when it feeds them to message-header-parser,…

CVSS: 7.5 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
Medium

CVE-2024-23184

Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observ…

CVSS: 5.0 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
2024-09-06
Medium

CVE-2024-25584

Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always be CR LF DOT CR LF. This causes Dovecot to convert single mail with LF DOT LF in middle, into two email…

CVSS: 5.3 CWE: CWE-345 - Insufficient Verification of Data Authenticity View on NVD
2023-06-07
High

CVE-2023-34108

mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for user/server administration. A vulnerability has been discovered in mailcow w…

CVSS: 8.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2023-03-04
High

CVE-2023-26490

mailcow is a dockerized email package, with multiple containers linked in one bridged network. The Sync Job feature - which can be made available to standard users by assigning them the necessary per…

CVSS: 7.3 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2022-07-17
High

CVE-2022-30550

An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and m…

CVSS: 8.8 CWE: CWE-287 - Improper Authentication View on NVD
2021-06-28
Medium

CVE-2021-33515

The submission service in Dovecot before 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.

CVSS: 4.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
Medium

CVE-2020-28200

The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension.

CVSS: 4.3 CWE: CWE-770 - Allocation of Resources Without Limits or Throttling View on NVD
High

CVE-2021-29157

Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled locatio…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2021-01-04
High

CVE-2020-25275

Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts.

CVSS: 7.5 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2020-24386

An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email m…

CVSS: 6.8 CWE: N/A View on NVD
2020-09-25
High

CVE-2020-26102

In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550).

CVSS: 7.5 CWE: N/A View on NVD
2020-08-12
High

CVE-2020-12674

In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2020-12673

In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.

CVSS: 7.5 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2020-12100

In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply ne…

CVSS: 7.5 CWE: CWE-674 - Uncontrolled Recursion View on NVD
2020-05-18
Medium

CVE-2020-10967

In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.

CVSS: 5.3 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2020-10958

In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving…

CVSS: 5.3 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2020-10957

In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2020-02-12
Medium

CVE-2020-7957

The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a den…

CVSS: 5.3 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2020-7046

lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 data in command parameters, as demonstrated by the unauthenticated triggering of a submission-login in…

CVSS: 7.5 CWE: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop') View on NVD
2019-12-13
Medium

CVE-2019-19722

In Dovecot before 2.3.9.2, an attacker can crash a push-notification driver with a crafted email when push notifications are used, because of a NULL Pointer Dereference. The email must use a group ad…

CVSS: 5.3 CWE: CWE-476 - NULL Pointer Dereference View on NVD
2019-11-05
Low

CVE-2016-4983

A postinstall script in the dovecot rpm allows local users to read the contents of newly created SSL/TLS key files.

CVSS: 3.3 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2019-08-29
Critical

CVE-2019-11500

In Dovecot before 2.2.36.4 and 2.3.x before 2.3.7.2 (and Pigeonhole before 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead…

CVSS: 9.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2019-08-02
Medium

CVE-2017-18389

cPanel before 68.0.15 allows string format injection in dovecot-xaps-plugin (SEC-318).

CVSS: 6.3 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
2019-05-08
High

CVE-2019-11494

In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command.

CVSS: 7.5 CWE: CWE-476 - NULL Pointer Dereference View on NVD
High

CVE-2019-11499

In the IMAP Server in Dovecot 2.3.3 through 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message.

CVSS: 7.5 CWE: N/A View on NVD
2019-04-24
High

CVE-2019-10691

The JSON encoder in Dovecot before 2.3.5.2 allows attackers to repeatedly crash the authentication service by attempting to authenticate with an invalid UTF-8 sequence as the username.

CVSS: 7.5 CWE: N/A View on NVD
2019-03-28
High

CVE-2019-7524

In Dovecot before 2.2.36.3 and 2.3.x before 2.3.5.1, a local attacker can cause a buffer overflow in the indexer-worker process, which can be used to elevate to root. This occurs because of missing c…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2019-03-27
High

CVE-2019-3814

It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession of a valid certificate with an empty username field could…

CVSS: 7.7 CWE: CWE-295 - Improper Certificate Validation View on NVD
2018-06-21
Low

CVE-2017-2669

Dovecot before version 2.2.29 is vulnerable to a denial of service. When 'dict' passdb and userdb were used for user authentication, the username sent by the IMAP/POP3 client was sent through var_exp…

CVSS: 3.7 CWE: CWE-20 - Improper Input Validation View on NVD
2018-03-02
Medium

CVE-2017-15130

A denial of service flaw was found in dovecot before 2.2.34. An attacker able to generate random SNI server names could exploit TLS SNI configuration lookups, leading to excessive memory usage and th…

CVSS: 5.9 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
Medium

CVE-2017-14461

A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order…

CVSS: 5.9 CWE: CWE-125 - Out-of-bounds Read View on NVD
2018-01-25
High

CVE-2017-15132

A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of SASL authentication results in a memory leak in dovecot's auth client used by login processes. The leak has impact in high performa…

CVSS: 7.5 CWE: CWE-400 - Uncontrolled Resource Consumption View on NVD
2017-09-19
Medium

CVE-2015-3420

The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allow remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.

CVSS: 5.9 CWE: CWE-295 - Improper Certificate Validation View on NVD
2017-02-17
Medium

CVE-2016-8652

The auth component in Dovecot before 2.2.27, when auth-policy is configured, allows a remote attackers to cause a denial of service (crash) by aborting authentication without setting a username.

CVSS: 5.9 CWE: CWE-20 - Improper Input Validation View on NVD
2014-05-27
Medium

CVE-2013-2111

The IMAP functionality in Dovecot before 2.2.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via invalid APPEND parameters.

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
2014-05-14
Medium

CVE-2014-3430

Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x before 2.2.12.12 does not properly close old connections, which allows remote attackers to cause a denial of service (resource consum…

CVSS: 5.0 CWE: CWE-287 - Improper Authentication View on NVD
2013-12-09
Medium

CVE-2013-6171

checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attachin…

CVSS: 5.8 CWE: CWE-287 - Improper Authentication View on NVD
2013-03-07
Medium

CVE-2011-4318

Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Comm…

CVSS: 5.8 CWE: CWE-20 - Improper Input Validation View on NVD
2011-05-24
Medium

CVE-2011-2167

script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a scrip…

CVSS: 6.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2011-2166

script-login in Dovecot 2.0.x before 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveragin…

CVSS: 6.5 CWE: CWE-16 View on NVD
Medium

CVE-2011-1929

lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of se…

CVSS: 5.0 CWE: CWE-20 - Improper Input Validation View on NVD
2010-11-17
Medium

CVE-2010-4011

Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstan…

CVSS: 4.0 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2010-10-06
Medium

CVE-2010-3780

Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.

CVSS: 4.0 CWE: N/A View on NVD
Low

CVE-2010-3779

Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass inten…

CVSS: 3.5 CWE: CWE-264 View on NVD
Medium

CVE-2010-3707

plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a direc…

CVSS: 5.5 CWE: CWE-264 View on NVD
Medium

CVE-2010-3706

plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a direc…

CVSS: 5.5 CWE: CWE-264 View on NVD
2010-09-24
Medium

CVE-2010-3304

The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended wea…

CVSS: 6.4 CWE: CWE-264 View on NVD
2010-05-20
Medium

CVE-2010-0745

Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.

CVSS: 5.0 CWE: CWE-399 View on NVD
2010-03-30
Medium

CVE-2010-0535

Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenti…

CVSS: 6.5 CWE: CWE-264 View on NVD
2010-03-05
Medium

CVE-2010-0433

The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which…

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
2009-11-24
Medium

CVE-2009-3897

Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket,…

CVSS: 5.5 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2009-09-17
High

CVE-2009-3235

Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of serv…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2009-09-08
Medium

CVE-2009-2632

Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to…

CVSS: 4.4 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2008-12-01
Medium

CVE-2008-5301

Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script…

CVSS: 6.4 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2008-11-04
Medium

CVE-2008-4907

The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email…

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
2008-11-01
Low

CVE-2008-4870

dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.

CVSS: 2.1 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
2008-10-15
Medium

CVE-2008-4578

The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.

CVSS: 5.0 CWE: CWE-264 View on NVD
High

CVE-2008-4577

The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.

CVSS: 7.5 CWE: CWE-863 - Incorrect Authorization View on NVD
2008-03-10
Medium

CVE-2008-1218

Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing…

CVSS: 6.8 CWE: CWE-255 View on NVD
2008-03-06
Medium

CVE-2008-1199

Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files…

CVSS: 4.4 CWE: CWE-16 View on NVD
2008-01-04
Medium

CVE-2007-6598

Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a diffe…

CVSS: 6.8 CWE: CWE-264 View on NVD
2007-11-13
Medium

CVE-2007-5794

Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper hand…

CVSS: 4.3 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
2007-08-08
Medium

CVE-2007-4211

The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.

CVSS: 6.0 CWE: N/A View on NVD
2007-04-25
Medium

CVE-2007-2231

Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) v…

CVSS: 4.3 CWE: N/A View on NVD
2006-11-20
Medium

CVE-2006-5973

Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 use…

CVSS: 5.0 CWE: N/A View on NVD
2006-05-16
Medium

CVE-2006-2414

Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the…

CVSS: 5.0 CWE: N/A View on NVD
2006-02-16
Medium

CVE-2006-0730

Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs"…

CVSS: 5.0 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
CVE Daily Lookup — auto-links CVE IDs on any page you visit. GitHub, Jira, Confluence & more. Free.
Chrome Firefox