CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2007-4211 – Dovecot possible privilege ascalation in ACL plugin
https://notcve.org/view.php?id=CVE-2007-4211
08 Aug 2007 — The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command. La extensión ACL del Dovecot anterior a la 1.0.3 permite a usuarios remotos autenticados, con derechos de inserción, guardar ciertos indicadores a través de los comandos (1) COPY o (2) APPEND. • http://secunia.com/advisories/26320 •
CVSS: 7.5EPSS: 0%CPEs: 37EXPL: 0CVE-2007-2231 – Directory traversal in dovecot with zlib plugin
https://notcve.org/view.php?id=CVE-2007-2231
25 Apr 2007 — Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name. Vulnerabilidad de escalado de directorio en index/mbox/mbox-storage.c de Dovecot versiones anteriores a 1.0.rc29, cuando se usa la extensión (plugin) zlib, permite a atacantes remotos leer buzones de correo (mbox files) comprimidos con gzip (.gz) de su elección med... • http://dovecot.org/doc/NEWS •
CVSS: 6.5EPSS: 2%CPEs: 57EXPL: 0CVE-2006-5973
https://notcve.org/view.php?id=CVE-2006-5973
20 Nov 2006 — Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file. Desbordamiento de búfer (off-by-one) en Dovecot 1.0test53 hasta 1.0.rc14, y posiblemente otras versiones, cuando se utilizan los archivos de índice y mmap_disable tiene el valor "Sí", permite a usuarios IMAP o POP3 remotos ... • http://dovecot.org/list/dovecot-news/2006-November/000023.html •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2006-2414
https://notcve.org/view.php?id=CVE-2006-2414
16 May 2006 — Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command. • http://dovecot.org/list/dovecot-cvs/2006-May/005563.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-0730
https://notcve.org/view.php?id=CVE-2006-0730
16 Feb 2006 — Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability. • http://secunia.com/advisories/18870 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •