dovecot dovecot vulnerabilities and exploits

(subscribe to this query)

checkpassword-reply in Dovecot prior to 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account infor...

Dovecot Dovecot Dovecot Dovecot 2.0 Dovecot Dovecot 2.0.0 Dovecot Dovecot 2.0.1 Dovecot Dovecot 2.0.2 Dovecot Dovecot 2.0.3 Dovecot Dovecot 2.0.4 Dovecot Dovecot 2.0.5 Dovecot Dovecot 2.0.6 Dovecot Dovecot 2.0.7 Dovecot Dovecot 2.0.8 Dovecot Dovecot 2.0.9

lib-mail/message-header-parser.c in Dovecot 1.2.x prior to 1.2.17 and 2.0.x prior to 2.0.13 does not properly handle '\0' characters in header names, which allows remote malicious users to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-ma...

Dovecot Dovecot 1.2.0 Dovecot Dovecot 1.2.1 Dovecot Dovecot 1.2.2 Dovecot Dovecot 1.2.3 Dovecot Dovecot 1.2.4 Dovecot Dovecot 1.2.5 Dovecot Dovecot 1.2.6 Dovecot Dovecot 1.2.7 Dovecot Dovecot 1.2.8 Dovecot Dovecot 1.2.9 Dovecot Dovecot 1.2.10 Dovecot Dovecot 1.2.11

Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote malicious users to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.

Dovecot Dovecot 0.99.13 Dovecot Dovecot 0.99.14 Dovecot Dovecot 1.0 Dovecot Dovecot 1.0.2 Dovecot Dovecot 1.0.3 Dovecot Dovecot 1.0.4 Dovecot Dovecot 1.0.5 Dovecot Dovecot 1.0.6 Dovecot Dovecot 1.0.7 Dovecot Dovecot 1.0.8 Dovecot Dovecot 1.0.9 Dovecot Dovecot 1.0.10

plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x prior to 1.2.15 and 2.0.x prior to 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circ...

Dovecot Dovecot 1.2.0 Dovecot Dovecot 1.2.1 Dovecot Dovecot 1.2.2 Dovecot Dovecot 1.2.3 Dovecot Dovecot 1.2.4 Dovecot Dovecot 1.2.5 Dovecot Dovecot 1.2.6 Dovecot Dovecot 1.2.7 Dovecot Dovecot 1.2.8 Dovecot Dovecot 1.2.9 Dovecot Dovecot 1.2.10 Dovecot Dovecot 1.2.11

plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x prior to 1.2.15 and 2.0.x prior to 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circ...

Dovecot Dovecot 1.2.0 Dovecot Dovecot 1.2.1 Dovecot Dovecot 1.2.2 Dovecot Dovecot 1.2.3 Dovecot Dovecot 1.2.4 Dovecot Dovecot 1.2.5 Dovecot Dovecot 1.2.6 Dovecot Dovecot 1.2.7 Dovecot Dovecot 1.2.8 Dovecot Dovecot 1.2.9 Dovecot Dovecot 1.2.10 Dovecot Dovecot 1.2.11

Dovecot 1.2.x prior to 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions.

Dovecot Dovecot 1.2.0 Dovecot Dovecot 1.2.1 Dovecot Dovecot 1.2.2 Dovecot Dovecot 1.2.3 Dovecot Dovecot 1.2.4 Dovecot Dovecot 1.2.5 Dovecot Dovecot 1.2.6 Dovecot Dovecot 1.2.7 Dovecot Dovecot 1.2.8 Dovecot Dovecot 1.2.9 Dovecot Dovecot 1.2.10 Dovecot Dovecot 1.2.11

Dovecot 1.2.x prior to 1.2.15 and 2.0.x prior to 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by ...

Dovecot Dovecot 1.2.0 Dovecot Dovecot 1.2.1 Dovecot Dovecot 1.2.2 Dovecot Dovecot 1.2.3 Dovecot Dovecot 1.2.4 Dovecot Dovecot 1.2.5 Dovecot Dovecot 1.2.6 Dovecot Dovecot 1.2.7 Dovecot Dovecot 1.2.8 Dovecot Dovecot 1.2.9 Dovecot Dovecot 1.2.10 Dovecot Dovecot 1.2.11

Dovecot 2.0.x prior to 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle mali...

Dovecot Dovecot 2.0.0 Dovecot Dovecot 2.0.1 Dovecot Dovecot 2.0.2 Dovecot Dovecot 2.0.3 Dovecot Dovecot 2.0.4 Dovecot Dovecot 2.0.5 Dovecot Dovecot 2.0.6 Dovecot Dovecot 2.0.7 Dovecot Dovecot 2.0.8 Dovecot Dovecot 2.0.9 Dovecot Dovecot 2.0.10 Dovecot Dovecot 2.0.11

script-login in Dovecot 2.0.x prior to 2.0.13 does not follow the user and group configuration settings, which might allow remote authenticated users to bypass intended access restrictions by leveraging a script.

Dovecot Dovecot 2.0.0 Dovecot Dovecot 2.0.1 Dovecot Dovecot 2.0.2 Dovecot Dovecot 2.0.3 Dovecot Dovecot 2.0.4 Dovecot Dovecot 2.0.5 Dovecot Dovecot 2.0.6 Dovecot Dovecot 2.0.7 Dovecot Dovecot 2.0.8 Dovecot Dovecot 2.0.9 Dovecot Dovecot 2.0.10 Dovecot Dovecot 2.0.11

script-login in Dovecot 2.0.x prior to 2.0.13 does not follow the chroot configuration setting, which might allow remote authenticated users to conduct directory traversal attacks by leveraging a script.

Dovecot Dovecot 2.0.0 Dovecot Dovecot 2.0.1 Dovecot Dovecot 2.0.2 Dovecot Dovecot 2.0.3 Dovecot Dovecot 2.0.4 Dovecot Dovecot 2.0.5 Dovecot Dovecot 2.0.6 Dovecot Dovecot 2.0.7 Dovecot Dovecot 2.0.8 Dovecot Dovecot 2.0.9 Dovecot Dovecot 2.0.10 Dovecot Dovecot 2.0.11

1 2 3 4 5 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook