Debian Dovecot vulnerabilities

73 known vulnerabilities affecting debian/dovecot.

Total CVEs: 73
CISA KEV: 0
Public exploits: 2
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 17, MEDIUM 29, LOW 26

Vulnerabilities

Page 4 of 4
CVE-2008-1199 | MEDIUM | CVSS 4.4 | fixed in dovecot 1:1.0.12-1 (bookworm) | 2008
CVE-2008-1199 [MEDIUM] dovecot - Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack.
Scope: local
bookworm: resolved (fixed in 1:1.0.12-1); bullseye: resolved (fixed in 1:1.0.12-1); forky: r
debian
CVE-2008-1218 | MEDIUM | CVSS 6.8 | PoC | fixed in dovecot 1:1.0.13-1 (bookworm) | 2008
CVE-2008-1218 [MEDIUM] dovecot - Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
Scope: local
bookworm: resolved (fixed in 1:1.0.13-1)
debian
CVE-2008-5301 | MEDIUM | CVSS 6.4 | fixed in dovecot 1:1.0.15-2.3 (bookworm) | 2008
CVE-2008-5301 [MEDIUM] dovecot - Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
Scope: local
bookworm: resolved (fixed in 1:1.0.15-2.3); bullseye: resolved (fixed in 1:1.0.15-2.3); forky: resolved (fixed in 1:1.0.15-2.3); sid: resolved (fixed in
debian
CVE-2008-4577 | LOW | CVSS 7.5 | fixed in dovecot 1:1.0.15-2.2 (bookworm) | 2008
CVE-2008-4577 [HIGH] dovecot - The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions.
Scope: local
bookworm: resolved (fixed in 1:1.0.15-2.2); bullseye: resolved (fixed in 1:1.0.15-2.2); forky: resolved (fixed in 1:1.0.15-2.2); sid: resolved (fixed in 1:1.0.15-2.2); trixie: resolved (fixe
debian
CVE-2008-4578 | LOW | CVSS 5.0 | fixed in dovecot 1:1.1.9-1 (bookworm) | 2008
CVE-2008-4578 [MEDIUM] dovecot - The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
Scope: local
bookworm: resolved (fixed in 1:1.1.9-1); bullseye: resolved (fixed in 1:1.1.9-1); forky: resolved (fixed in 1:1.1.9-1); sid: resolved (fixed in 1:1.1.9-1); trixie: resolved (fixed in 1:1
debian
CVE-2008-4907 | LOW | CVSS 4.3 | PoC | fixed in dovecot 1:1.1.7-1 (bookworm) | 2008
CVE-2008-4907 [MEDIUM] dovecot - The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug."
Scope: local
bookworm: resolved (fixed in 1:1.1.7-1); bullsey
debian
CVE-2008-4870 | LOW | CVSS 2.1 | 2008
CVE-2008-4870 [LOW] dovecot - dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value.
Scope: local
bookworm: open; bullseye: open; forky: open; sid: open; trixie: open
debian
CVE-2007-2231 | MEDIUM | CVSS 4.3 | fixed in dovecot 1.0.rc29-1 (bookworm) | 2007
CVE-2007-2231 [MEDIUM] dovecot - Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
Scope: local
bookworm: resolved (fixed in 1.0.rc29-1); bullseye: resolved (fixed in 1.0.rc29-1); forky: resolved (fixed in
debian
CVE-2007-6598 | LOW | CVSS 6.8 | fixed in dovecot 1:1.0.10-1 (bookworm) | 2007
CVE-2007-6598 [MEDIUM] dovecot - Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
Scope: local
bookworm: resolved (fixed in 1:1.0.10-1); bullseye: resolved (fixed in 1:1.0.10-1); forky: resolved (fixed in 1:1.0.10-1)
debian
CVE-2007-4211 | LOW | CVSS 6.0 | fixed in dovecot 1:1.0.3-2 (bookworm) | 2007
CVE-2007-4211 [MEDIUM] dovecot - The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
Scope: local
bookworm: resolved (fixed in 1:1.0.3-2); bullseye: resolved (fixed in 1:1.0.3-2); forky: resolved (fixed in 1:1.0.3-2); sid: resolved (fixed in 1:1.0.3-2); trixie: resolved (fixed in 1:1.0.3-2)
debian
CVE-2006-5973 | MEDIUM | CVSS 5.0 | fixed in dovecot 1.0.rc15-1 (bookworm) | 2006
CVE-2006-5973 [MEDIUM] dovecot - Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
Scope: local
bookworm: resolved (fixed in 1.0.rc15-1); bullseye: resolved (fixed
debian
CVE-2006-0730 | MEDIUM | CVSS 5.0 | fixed in dovecot 1.0.beta3-1 (bookworm) | 2006
CVE-2006-0730 [MEDIUM] dovecot - Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability.
Scope: local
debian
CVE-2006-2414 | LOW | CVSS 5.0 | fixed in dovecot 1.0.beta8-1 (bookworm) | 2006
CVE-2006-2414 [MEDIUM] dovecot - Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
Scope: local
bookworm: resolved (fixed in 1.0.beta8-1); bullseye: resolved (fixed in 1.0.beta8-1); forky: resolved (fixed in 1.0.beta8
debian