Search Results (Refine Search)
- CPE Product Version: cpe:/a:dovecot:dovecot:1.2.13
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2011-1929 |
lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and 2.0.x before 2.0.13 does not properly handle '\0' characters in header names, which allows remote attackers to cause a denial of service (daemon crash or mailbox corruption) via a crafted e-mail message. Published: May 24, 2011; 7:55:04 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2010-3780 |
Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service (master process outage) by simultaneously disconnecting many (1) IMAP or (2) POP3 sessions. Published: October 06, 2010; 5:00:01 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2010-3779 |
Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the admin permission to the owner of each mailbox in a non-public namespace, which might allow remote authenticated users to bypass intended access restrictions by changing the ACL of a mailbox, as demonstrated by a symlinked shared mailbox. Published: October 06, 2010; 5:00:01 PM -0400 |
V3.x:(not available) V2.0: 3.5 LOW |
CVE-2010-3707 |
plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving more specific entries that occur after less specific entries, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox. Published: October 06, 2010; 1:00:17 PM -0400 |
V3.x:(not available) V2.0: 5.5 MEDIUM |
CVE-2010-3706 |
plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.5 interprets an ACL entry as a directive to add to the permissions granted by another ACL entry, instead of a directive to replace the permissions granted by another ACL entry, in certain circumstances involving the private namespace of a user, which allows remote authenticated users to bypass intended access restrictions via a request to read or modify a mailbox. Published: October 06, 2010; 1:00:17 PM -0400 |
V3.x:(not available) V2.0: 5.5 MEDIUM |