CVSS: 6.8EPSS: 2%CPEs: 1EXPL: 0CVE-2007-6598 – dovecot LDAP+auth cache user login mixup
https://notcve.org/view.php?id=CVE-2007-6598
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password. Dovecot anterior a 1.0.10, con determinadas opciones de configuración incluyendo el uso de %variables, no mantiene adecuadamente la caché LDAP+auth, lo cual podría permitir a permite a usuarios autenticados remotamente identificarse como un usuario diferente que tiene la misma contraseña. • http://dovecot.org/list/dovecot-news/2007-December/000057.html http://dovecot.org/list/dovecot-news/2007-December/000058.html http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00004.html http://osvdb.org/39876 http://secunia.com/advisories/28227 http://secunia.com/advisories/28271 http://secunia.com/advisories/28404 http://secunia.com/advisories/28434 http://secunia.com/advisories/30342 http://secunia.com/advisories/32151 http://www.debian.org/security/2008/dsa • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2006-2414
https://notcve.org/view.php?id=CVE-2006-2414
Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command. • http://dovecot.org/list/dovecot-cvs/2006-May/005563.html http://secunia.com/advisories/20308 http://secunia.com/advisories/20315 http://securityreason.com/securityalert/913 http://www.debian.org/security/2006/dsa-1080 http://www.dovecot.org/list/dovecot-news/2006-May/000006.html http://www.securityfocus.com/archive/1/433878/100/0/threaded http://www.securityfocus.com/bid/17961 http://www.vupen.com/english/advisories/2006/2013 https://exchange.xforce.ibmcloud.com/vulnerabili •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2006-0730
https://notcve.org/view.php?id=CVE-2006-0730
Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. NOTE: vector 2 might be related to a double free vulnerability. • http://secunia.com/advisories/18870 http://www.dovecot.org/list/dovecot/2006-February/011367.html http://www.securityfocus.com/bid/16672 http://www.vupen.com/english/advisories/2006/0549 https://exchange.xforce.ibmcloud.com/vulnerabilities/24709 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •