Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dovecot dovecot vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2011-2166
script-login in Dovecot 2.0.x prior to 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.
Dovecot Dovecot 2.0.9
Dovecot Dovecot 2.0.7
Dovecot Dovecot 2.0.12
Dovecot Dovecot 2.0.4
Dovecot Dovecot 2.0.2
Dovecot Dovecot 2.0.1
Dovecot Dovecot 2.0.10
Dovecot Dovecot 2.0.11
Dovecot Dovecot 2.0.8
Dovecot Dovecot 2.0.3
Dovecot Dovecot 2.0.0
Dovecot Dovecot 2.0.5
Dovecot Dovecot 2.0.6
6.5
CVSSv2
CVE-2011-2167
script-login in Dovecot 2.0.x prior to 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.
Dovecot Dovecot 2.0.9
Dovecot Dovecot 2.0.7
Dovecot Dovecot 2.0.12
Dovecot Dovecot 2.0.4
Dovecot Dovecot 2.0.2
Dovecot Dovecot 2.0.1
Dovecot Dovecot 2.0.10
Dovecot Dovecot 2.0.11
Dovecot Dovecot 2.0.8
Dovecot Dovecot 2.0.3
Dovecot Dovecot 2.0.0
Dovecot Dovecot 2.0.5
Dovecot Dovecot 2.0.6
6.5
CVSSv2
CVE-2010-0535
Dovecot in Apple Mac OS X 10.6 prior to 10.6.3, when Kerberos is enabled, does not properly enforce the service access control list (SACL) for sending and receiving e-mail, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
Apple Mac Os X Server 10.6.1
Apple Mac Os X Server 10.6.2
Apple Mac Os X 10.6.1
Apple Mac Os X Server 10.6.0
Apple Mac Os X 10.6.0
Apple Mac Os X 10.6.2
6.4
CVSSv2
CVE-2010-3304
The ACL plugin in Dovecot 1.2.x prior to 1.2.13 propagates INBOX ACLs to newly created mailboxes in certain configurations, which might allow remote malicious users to read mailboxes that have unintended weak ACLs.
Dovecot Dovecot 1.2.2
Dovecot Dovecot 1.2.7
Dovecot Dovecot 1.2.4
Dovecot Dovecot 1.2.9
Dovecot Dovecot 1.2.11
Dovecot Dovecot 1.2.1
Dovecot Dovecot 1.2.8
Dovecot Dovecot 1.2.6
Dovecot Dovecot 1.2.5
Dovecot Dovecot 1.2.10
Dovecot Dovecot 1.2.3
Dovecot Dovecot 1.2.0
Dovecot Dovecot 1.2.12
6.4
CVSSv2
CVE-2008-5301
Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote malicious users to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
Dovecot Dovecot 1.0.6
Dovecot Dovecot 1.1.5
Dovecot Dovecot 1.0.5
Dovecot Dovecot 1.1.4
Dovecot Dovecot 1.0
Dovecot Dovecot 1.1
Dovecot Dovecot 1.0.12
Dovecot Dovecot 1.0.2
Dovecot Dovecot 1.1.2
Dovecot Dovecot 1.0.7
Dovecot Dovecot 0.99.14
Dovecot Dovecot 1.0.3
Dovecot Dovecot 1.0.8
Dovecot Dovecot 1.0.4
Dovecot Dovecot 1.0.10
Dovecot Dovecot 1.0.9
Dovecot Dovecot 0.99.13
Dovecot Dovecot 1.1.1
Dovecot Dovecot 1.1.0
Dovecot Dovecot 1.1.3
6.4
CVSSv2
CVE-2008-4577
The ACL plugin in Dovecot prior to 1.1.4 treats negative access rights as if they are positive access rights, which allows malicious users to bypass intended access restrictions.
Dovecot Dovecot
Fedoraproject Fedora 9
Fedoraproject Fedora 8
Opensuse Opensuse 10.3-11.1
Canonical Ubuntu Linux 9.04
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 8.04
6
CVSSv2
CVE-2007-4211
The ACL plugin in Dovecot prior to 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
Dovecot Dovecot
5.8
CVSSv2
CVE-2021-33515
The submission service in Dovecot prior to 2.3.15 allows STARTTLS command injection in lib-smtp. Sensitive information can be redirected to an attacker-controlled address.
Dovecot Dovecot
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 10.0
5.8
CVSSv2
CVE-2013-6171
checkpassword-reply in Dovecot prior to 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account infor...
Dovecot Dovecot 2.1
Dovecot Dovecot 2.2.1
Dovecot Dovecot 2.2.3
Dovecot Dovecot 2.1.4
Dovecot Dovecot 2.1.0
Dovecot Dovecot 2.1.3
Dovecot Dovecot 2.0.9
Dovecot Dovecot 2.0
Dovecot Dovecot 2.1.13
Dovecot Dovecot 2.1.14
Dovecot Dovecot 2.1.6
Dovecot Dovecot 2.2
Dovecot Dovecot 2.1.10
Dovecot Dovecot 2.0.14
Dovecot Dovecot 2.0.7
Dovecot Dovecot 2.0.12
Dovecot Dovecot 2.0.4
Dovecot Dovecot 2.1.12
Dovecot Dovecot 2.0.2
Dovecot Dovecot 2.2.4
Dovecot Dovecot 2.0.1
Dovecot Dovecot 2.2.0
5.8
CVSSv2
CVE-2011-4318
Dovecot 2.0.x prior to 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle mali...
Dovecot Dovecot 2.0.9
Dovecot Dovecot 2.0.14
Dovecot Dovecot 2.0.7
Dovecot Dovecot 2.0.12
Dovecot Dovecot 2.0.4
Dovecot Dovecot 2.0.2
Dovecot Dovecot 2.0.1
Dovecot Dovecot 2.0.10
Dovecot Dovecot 2.0.11
Dovecot Dovecot 2.0.13
Dovecot Dovecot 2.0.8
Dovecot Dovecot 2.0.3
Dovecot Dovecot 2.0.0
Dovecot Dovecot 2.0.15
Dovecot Dovecot 2.0.5
Dovecot Dovecot 2.0.6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »