Dovecot

Dovecot

69 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 6.2%
  • Veröffentlicht 04.11.2008 00:58:40
  • Zuletzt bearbeitet 16.06.2026 22:58:44

The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an as...

  • EPSS 0.37%
  • Veröffentlicht 01.11.2008 00:00:01
  • Zuletzt bearbeitet 16.06.2026 22:58:40

dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.

  • EPSS 1.68%
  • Veröffentlicht 15.10.2008 20:08:02
  • Zuletzt bearbeitet 16.06.2026 22:58:06

The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.

  • EPSS 2.33%
  • Veröffentlicht 15.10.2008 20:08:02
  • Zuletzt bearbeitet 16.06.2026 22:58:06

The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.

  • EPSS 7.34%
  • Veröffentlicht 10.03.2008 23:44:00
  • Zuletzt bearbeitet 16.06.2026 22:51:15

Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delim...

  • EPSS 0.34%
  • Veröffentlicht 06.03.2008 21:44:00
  • Zuletzt bearbeitet 16.06.2026 22:51:12

Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a s...

  • EPSS 1.96%
  • Veröffentlicht 04.01.2008 02:46:00
  • Zuletzt bearbeitet 16.06.2026 22:48:24

Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.

  • EPSS 1.38%
  • Veröffentlicht 08.08.2007 02:17:00
  • Zuletzt bearbeitet 16.06.2026 22:43:36

The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.

  • EPSS 2.12%
  • Veröffentlicht 25.04.2007 15:19:00
  • Zuletzt bearbeitet 16.06.2026 22:39:11

Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.