Debian Courier-Authlib vulnerabilities

3 known vulnerabilities affecting debian/courier-authlib.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2

Vulnerabilities

CVE-2021-28374 | HIGH | CVSS 7.5 | fixed in 0.71.1-2 | 2021-03-15
CVE-2021-28374 [HIGH] CWE-732: The Debian courier-authlib package before 0.71.1-2 for Courier Authentication Library creates a /run/courier/authdaemon directory with weak permissions, allowing an attacker to read user information. This may include a cleartext password in some configurations. In general, it includes the user's existence, uid and gids, home and/or Maildir directory,
nvd, osv, debian
CVE-2008-2380 | MEDIUM | CVSS 5.1 | fixed in courier-authlib 0.61.0-1+lenny1 (bookworm) | 2008
CVE-2008-2380 [MEDIUM] courier-authlib: SQL injection vulnerability in authpgsqllib.c in Courier-Authlib before 0.62.0, when a non-Latin locale Postgres database is used, allows remote attackers to execute arbitrary SQL commands via query parameters containing apostrophes.
Scope: local
bookworm: resolved (fixed in 0.61.0-1+lenny1)
bullseye: resolved (fixed in 0.61.0-1+lenny1)
forky: resolved (fixe
debian
CVE-2008-2667 | MEDIUM | CVSS 5.1 | fixed in courier-authlib 0.60.1-2.1 (bookworm) | 2008
CVE-2008-2667 [MEDIUM] courier-authlib: SQL injection vulnerability in the Courier Authentication Library (aka courier-authlib) before 0.60.6 on SUSE openSUSE 10.3 and 11.0, and other platforms, when MySQL and a non-Latin character set are used, allows remote attackers to execute arbitrary SQL commands via the username and unspecified other vectors.
Scope: local
bookworm: resolved (fixed in 0.60.1
debian