CVE-2008-4907
- EPSS 6.2%
- Veröffentlicht 04.11.2008 00:58:40
- Zuletzt bearbeitet 16.06.2026 22:58:44
The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an as...
CVE-2008-4870
- EPSS 0.37%
- Veröffentlicht 01.11.2008 00:00:01
- Zuletzt bearbeitet 16.06.2026 22:58:40
dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
- EPSS 1.68%
- Veröffentlicht 15.10.2008 20:08:02
- Zuletzt bearbeitet 16.06.2026 22:58:06
The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
CVE-2008-4577
- EPSS 2.33%
- Veröffentlicht 15.10.2008 20:08:02
- Zuletzt bearbeitet 16.06.2026 22:58:06
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
CVE-2008-1218
- EPSS 7.34%
- Veröffentlicht 10.03.2008 23:44:00
- Zuletzt bearbeitet 16.06.2026 22:51:15
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delim...
CVE-2008-1199
- EPSS 0.34%
- Veröffentlicht 06.03.2008 21:44:00
- Zuletzt bearbeitet 16.06.2026 22:51:12
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a s...
CVE-2007-6598
- EPSS 1.96%
- Veröffentlicht 04.01.2008 02:46:00
- Zuletzt bearbeitet 16.06.2026 22:48:24
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
- EPSS 1.38%
- Veröffentlicht 08.08.2007 02:17:00
- Zuletzt bearbeitet 16.06.2026 22:43:36
The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
CVE-2007-2231
- EPSS 2.12%
- Veröffentlicht 25.04.2007 15:19:00
- Zuletzt bearbeitet 16.06.2026 22:39:11
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.