|Max CVSS||6.8||Min CVSS||4.4||Total Count||2|
|ID||CVSS||Summary||Last (major) update||Published|
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
|15-10-2018 - 21:55||04-01-2008 - 02:46|
Mercurial before 1.0.2 does not enforce the allowpull permission setting for a pull operation from hgweb, which allows remote attackers to read arbitrary files from a repository via an "hg pull" request.
|11-10-2018 - 20:51||27-09-2008 - 10:30|
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delim
|11-10-2018 - 20:30||10-03-2008 - 23:44|
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a s
|11-10-2018 - 20:30||06-03-2008 - 21:44|
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attac
|08-08-2017 - 01:32||18-09-2008 - 15:04|
Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6)
|08-08-2017 - 01:31||10-07-2008 - 23:41|