| Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2007-2231 | 4.3 |
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
|
16-10-2018 - 16:42 | 25-04-2007 - 15:19 | |
| CVE-2007-6598 | 6.8 |
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
|
15-10-2018 - 21:55 | 04-01-2008 - 02:46 | |
| CVE-2008-1199 | 4.4 |
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a s
|
11-10-2018 - 20:30 | 06-03-2008 - 21:44 | |
| CVE-2007-4211 | 6.0 |
The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
|
29-09-2017 - 01:29 | 08-08-2007 - 02:17 |