Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
dovecot dovecot vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-4907
The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote malicious users to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "...
Dovecot Dovecot 1.1.4
Dovecot Dovecot 1.1.5
1 EDB exploit
NA
CVE-2008-4870
dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
Dovecot Dovecot 1.0.7
7.5
CVSSv3
CVE-2008-4577
The ACL plugin in Dovecot prior to 1.1.4 treats negative access rights as if they are positive access rights, which allows malicious users to bypass intended access restrictions.
Dovecot Dovecot
Fedoraproject Fedora 9
Fedoraproject Fedora 8
Opensuse Opensuse 10.3-11.1
Canonical Ubuntu Linux 9.04
Canonical Ubuntu Linux 8.10
Canonical Ubuntu Linux 8.04
NA
CVE-2008-4578
The ACL plugin in Dovecot prior to 1.1.4 allows malicious users to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
Dovecot Dovecot 1.0.rc15
Dovecot Dovecot 1.0.rc14
Dovecot Dovecot 1.0.7
Dovecot Dovecot 1.0.rc22
Dovecot Dovecot 1.0.9
Dovecot Dovecot 1.0.rc25
Dovecot Dovecot 0.99.13
Dovecot Dovecot 1.0.beta2
Dovecot Dovecot 1.0.5
Dovecot Dovecot 1.0.beta6
Dovecot Dovecot 1.0.rc13
Dovecot Dovecot 1.0.rc5
Dovecot Dovecot 1.1.0
Dovecot Dovecot 1.1.1
Dovecot Dovecot 1.0.12
Dovecot Dovecot 1.1
Dovecot Dovecot 1.0.rc20
Dovecot Dovecot 1.0.rc2
Dovecot Dovecot 1.0.8
Dovecot Dovecot 1.0.rc23
Dovecot Dovecot 1.0.rc26
Dovecot Dovecot 1.0.beta1
NA
CVE-2008-1218
Argument injection vulnerability in Dovecot 1.0.x prior to 1.0.13, and 1.1.x prior to 1.1.rc3, when using blocking passdbs, allows remote malicious users to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable th...
Dovecot Dovecot
1 EDB exploit
NA
CVE-2008-1199
Dovecot prior to 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
Dovecot Dovecot 1.0.4
Dovecot Dovecot 1.0.5
Dovecot Dovecot 1.0.beta7
Dovecot Dovecot 1.0.beta8
Dovecot Dovecot 1.0.rc2
Dovecot Dovecot 1.0.rc3
Dovecot Dovecot 1.0 Rc29
Dovecot Dovecot 1.0
Dovecot Dovecot 1.0.10
Dovecot Dovecot 1.0.8
Dovecot Dovecot 1.0.9
Dovecot Dovecot 1.0.rc11
Dovecot Dovecot 1.0.rc12
Dovecot Dovecot 1.0.rc13
Dovecot Dovecot 1.0.rc6
Dovecot Dovecot 1.0.rc7
Dovecot Dovecot 0.99.13
Dovecot Dovecot 0.99.14
Dovecot Dovecot 1.0.6
Dovecot Dovecot 1.0.7
Dovecot Dovecot 1.0.rc1
Dovecot Dovecot 1.0.rc10
NA
CVE-2007-6598
Dovecot prior to 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
Dovecot Dovecot
NA
CVE-2007-5794
Race condition in nss_ldap, when used in applications that are linked against the pthread library and fork after a call to nss_ldap, might send user data to the wrong process because of improper handling of the LDAP connection. NOTE: this issue was originally reported for Dovecot...
Nss Ldap Nss Ldap
NA
CVE-2007-4211
The ACL plugin in Dovecot prior to 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
Dovecot Dovecot
NA
CVE-2007-2231
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot prior to 1.0.rc29, when using the zlib plugin, allows remote malicious users to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
Dovecot Dovecot 1.0.beta4
Dovecot Dovecot 1.0.beta5
Dovecot Dovecot 1.0.rc11
Dovecot Dovecot 1.0.rc12
Dovecot Dovecot 1.0.rc2
Dovecot Dovecot 1.0.rc20
Dovecot Dovecot 1.0.rc27
Dovecot Dovecot 1.0.rc28
Dovecot Dovecot 1.0.rc9
Dovecot Dovecot 1.0.beta2
Dovecot Dovecot 1.0.beta3
Dovecot Dovecot 1.0.rc1
Dovecot Dovecot 1.0.rc10
Dovecot Dovecot 1.0.rc18
Dovecot Dovecot 1.0.rc19
Dovecot Dovecot 1.0.rc25
Dovecot Dovecot 1.0.rc26
Dovecot Dovecot 1.0.rc7
Dovecot Dovecot 1.0.rc8
Dovecot Dovecot 1.0.beta6
Dovecot Dovecot 1.0.beta7
Dovecot Dovecot 1.0.rc13
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »