Dovecot

Dovecot

53 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2010-0745

  • EPSS 1.88%
  • Published 20.05.2010 17:30:01
  • Last modified 11.04.2025 00:51:21

Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.

5.5

CVE-2009-3897

  • EPSS 0.08%
  • Published 24.11.2009 17:30:00
  • Last modified 09.04.2025 00:30:58

Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir d...

7.5

CVE-2009-3235

  • EPSS 2.96%
  • Published 17.09.2009 10:30:01
  • Last modified 09.04.2025 00:30:58

Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via...

6.4

CVE-2008-5301

  • EPSS 0.57%
  • Published 01.12.2008 17:30:01
  • Last modified 09.04.2025 00:30:58

Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.

4.3

CVE-2008-4907

  • EPSS 13.74%
  • Published 04.11.2008 00:58:40
  • Last modified 09.04.2025 00:30:58

The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an as...

2.1

CVE-2008-4870

  • EPSS 0.04%
  • Published 01.11.2008 00:00:01
  • Last modified 09.04.2025 00:30:58

dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.

5

CVE-2008-4578

  • EPSS 0.76%
  • Published 15.10.2008 20:08:02
  • Last modified 09.04.2025 00:30:58

The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.

7.5

CVE-2008-4577

  • EPSS 1.1%
  • Published 15.10.2008 20:08:02
  • Last modified 09.04.2025 00:30:58

The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.

6.8

CVE-2008-1218

  • EPSS 18.73%
  • Published 10.03.2008 23:44:00
  • Last modified 09.04.2025 00:30:58

Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delim...

4.4

CVE-2008-1199

  • EPSS 0.04%
  • Published 06.03.2008 21:44:00
  • Last modified 09.04.2025 00:30:58

Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a s...