Dovecot

Dovecot

69 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 3.25%
  • Veröffentlicht 24.05.2011 23:55:04
  • Zuletzt bearbeitet 16.06.2026 23:30:24

lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a cr...

  • EPSS 2.35%
  • Veröffentlicht 06.10.2010 21:00:01
  • Zuletzt bearbeitet 16.06.2026 23:23:31

Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.

  • EPSS 1.1%
  • Veröffentlicht 06.10.2010 21:00:01
  • Zuletzt bearbeitet 16.06.2026 23:23:31

Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a ma...

  • EPSS 2.67%
  • Veröffentlicht 06.10.2010 17:00:17
  • Zuletzt bearbeitet 16.06.2026 23:23:22

plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ...

  • EPSS 2.13%
  • Veröffentlicht 06.10.2010 17:00:17
  • Zuletzt bearbeitet 16.06.2026 23:23:22

plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ...

  • EPSS 2.71%
  • Veröffentlicht 24.09.2010 19:00:04
  • Zuletzt bearbeitet 16.06.2026 23:22:33

The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote attackers to read mailboxes that have unintended weak ACLs.

  • EPSS 3.08%
  • Veröffentlicht 20.05.2010 17:30:01
  • Zuletzt bearbeitet 16.06.2026 23:16:46

Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message.

  • EPSS 0.38%
  • Veröffentlicht 24.11.2009 17:30:00
  • Zuletzt bearbeitet 16.06.2026 23:12:35

Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir d...

  • EPSS 4.04%
  • Veröffentlicht 17.09.2009 10:30:01
  • Zuletzt bearbeitet 16.06.2026 23:11:11

Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via...

  • EPSS 1.83%
  • Veröffentlicht 01.12.2008 17:30:01
  • Zuletzt bearbeitet 16.06.2026 22:59:40

Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.