dovecot vulnerabilities and exploits
6.8
CVSSv2
CVE-2007-6598
Dovecot prior to 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
Dovecot Dovecot
6.8
CVSSv2
CVE-2008-1218
Argument injection vulnerability in Dovecot 1.0.x prior to 1.0.13, and 1.1.x prior to 1.1.rc3, when using blocking passdbs, allows remote malicious users to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable th...
Dovecot Dovecot
1 EDB exploit
4.6
CVSSv2
CVE-2009-3897
Dovecot 1.2.x prior to 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the b...
Dovecot Dovecot
6
CVSSv2
CVE-2007-4211
The ACL plugin in Dovecot prior to 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
Dovecot Dovecot
5
CVSSv2
CVE-2020-10957
In Dovecot prior to 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp.
Dovecot Dovecot
5
CVSSv2
CVE-2020-10958
In Dovecot prior to 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command.
Dovecot Dovecot
5
CVSSv2
CVE-2020-10967
In Dovecot prior to 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart.
Dovecot Dovecot
2.1
CVSSv2
CVE-2008-4870
dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
Dovecot Dovecot 1.0.7
5
CVSSv2
CVE-2006-2414
Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote malicious users to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
Timo Sirainen Dovecot 1.0 Beta7
Timo Sirainen Dovecot 1.0 Beta2
Timo Sirainen Dovecot 1.0 Beta3
Timo Sirainen Dovecot 1.0
7.5
CVSSv2
CVE-2019-11500
In Dovecot prior to 2.2.36.4 and 2.3.x prior to 2.3.7.2 (and Pigeonhole prior to 0.5.7.2), protocol processing can fail for quoted strings. This occurs because '\0' characters are mishandled, and can lead to out-of-bounds writes and remote code execution.
Dovecot Dovecot
Dovecot Pigeonhole
Debian Debian Linux 8.0
Fedoraproject Fedora 30