Total: 53 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-1929 | 1 Dovecot | 1 Dovecot | 2023-12-10 | 5.0 MEDIUM | N/A |
lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message. | |||||
CVE-2010-3779 | 1 Dovecot | 1 Dovecot | 2023-12-10 | 3.5 LOW | N/A |
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox. | |||||
CVE-2010-3780 | 1 Dovecot | 1 Dovecot | 2023-12-10 | 4.0 MEDIUM | N/A |
Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions. | |||||
CVE-2008-5301 | 1 Dovecot | 1 Dovecot | 2023-12-10 | 6.4 MEDIUM | N/A |
Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name. | |||||
CVE-2008-4578 | 1 Dovecot | 1 Dovecot | 2023-12-10 | 5.0 MEDIUM | N/A |
The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes. | |||||
CVE-2008-4907 | 1 Dovecot | 1 Dovecot | 2023-12-10 | 4.3 MEDIUM | N/A |
The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug." | |||||
CVE-2009-3235 | 1 Dovecot | 1 Dovecot | 2023-12-10 | 7.5 HIGH | N/A |
Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632. | |||||
CVE-2008-4870 | 2 Dovecot, Redhat | 2 Dovecot, Enterprise Linux | 2023-12-10 | 2.1 LOW | N/A |
dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value. | |||||
CVE-2007-4211 | 1 Dovecot | 1 Dovecot | 2023-12-10 | 6.0 MEDIUM | N/A |
The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command. | |||||
CVE-2007-2231 | 1 Dovecot | 1 Dovecot | 2023-12-10 | 4.3 MEDIUM | N/A |
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name. | |||||
CVE-2008-1199 | 1 Dovecot | 1 Dovecot | 2023-12-10 | 4.4 MEDIUM | N/A |
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack. | |||||
CVE-2008-1218 | 1 Dovecot | 1 Dovecot | 2023-12-10 | 6.8 MEDIUM | N/A |
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified. | |||||
CVE-2007-6598 | 1 Dovecot | 1 Dovecot | 2023-12-10 | 6.8 MEDIUM | N/A |
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password. |