Filtered by vendor Dovecot
Total: 69 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2010-0745 | 1 Dovecot | 1 Dovecot | 2026-06-16 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote attackers to cause a denial of service (CPU consumption) via long headers in an e-mail message. | |||||
| CVE-2009-3897 | 1 Dovecot | 1 Dovecot | 2026-06-16 | 4.6 MEDIUM | 5.5 MEDIUM |
| Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself. | |||||
| CVE-2009-3235 | 1 Dovecot | 1 Dovecot | 2026-06-16 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632. | |||||
| CVE-2008-5301 | 1 Dovecot | 1 Dovecot | 2026-06-16 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name. | |||||
| CVE-2008-4907 | 1 Dovecot | 1 Dovecot | 2026-06-16 | 4.3 MEDIUM | N/A |
| The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an assertion error, aka "invalid message address parsing bug." | |||||
| CVE-2008-4870 | 2 Dovecot, Redhat | 2 Dovecot, Enterprise Linux | 2026-06-16 | 2.1 LOW | N/A |
| dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value. | |||||
| CVE-2008-4578 | 1 Dovecot | 1 Dovecot | 2026-06-16 | 5.0 MEDIUM | N/A |
| The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes. | |||||
| CVE-2008-4577 | 4 Canonical, Dovecot, Fedoraproject and 1 more | 4 Ubuntu Linux, Dovecot, Fedora and 1 more | 2026-06-16 | 6.4 MEDIUM | 7.5 HIGH |
| The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive access rights, which allows attackers to bypass intended access restrictions. | |||||
| CVE-2008-1218 | 1 Dovecot | 1 Dovecot | 2026-06-16 | 6.8 MEDIUM | N/A |
| Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified. | |||||
| CVE-2008-1199 | 1 Dovecot | 1 Dovecot | 2026-06-16 | 4.4 MEDIUM | N/A |
| Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack. | |||||
| CVE-2007-6598 | 1 Dovecot | 1 Dovecot | 2026-06-16 | 6.8 MEDIUM | N/A |
| Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password. | |||||
| CVE-2007-4211 | 1 Dovecot | 1 Dovecot | 2026-06-16 | 6.0 MEDIUM | N/A |
| The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command. | |||||
| CVE-2007-2231 | 1 Dovecot | 1 Dovecot | 2026-06-16 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name. | |||||
| CVE-2026-40020 | 2 Dovecot, Open-xchange | 2 Dovecot, Dovecot | 2026-05-18 | N/A | 3.1 LOW |
| An attacker can use the IMAP SETACL command to inject the anyone permission into a user's dovecot-acl file even if imap_acl_allow_anyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users; no unexpected access is gained. Install the fixed version. No publicly available exploits are known. | |||||
| CVE-2026-33603 | 2 Dovecot, Open-xchange | 2 Dovecot, Dovecot | 2026-05-18 | N/A | 6.8 MEDIUM |
| An attacker can use a specially crafted base64 exchange between Dovecot and the client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection. If successful, the attacker can eavesdrop on communications between Dovecot and the client as a MITM proxy. Install the fixed version. No publicly available exploits are known. | |||||
| CVE-2026-40016 | 2 Dovecot, Open-xchange | 2 Dovecot, Dovecot | 2026-05-18 | N/A | 5.3 MEDIUM |
| An attacker can upload a malicious Sieve script over the ManageSieve service (or locally) to bypass configured CPU time limits for Sieve by up to 130 times the configured limit. An attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install the fixed version, or alternatively prevent direct access to Sieve scripts via ManageSieve or local access. No publicly available exploits are known. | |||||
| CVE-2026-27851 | 2 Dovecot, Open-xchange | 2 Dovecot, Dovecot | 2026-05-18 | N/A | 7.4 HIGH |
| When the safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be unescaped. This can enable SQL / LDAP injection attacks when used in authentication. Avoid using the safe filter until on a fixed version. No publicly available exploits are known. | |||||
| CVE-2026-42006 | 2 Dovecot, Open-xchange | 2 Dovecot, Dovecot | 2026-05-18 | N/A | 4.3 MEDIUM |
| An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, blocking only one way of doing this, so another way was still left open. In particular, the fix covered closing braces, but open braces could still be used to bypass the limit. Using excessive bracing, an attacker can drive memory usage up to the configured memory limit. Install the fixed version, or configure vsz_limit for the imap process to a low value. No publicly available exploits are known. | |||||
| CVE-2025-59028 | 2 Dovecot, Open-xchange | 2 Dovecot, Dovecot | 2026-04-30 | N/A | 5.3 MEDIUM |
| When invalid base64 SASL data is sent, the login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid base64 data can be used to DoS a vulnerable server and break concurrent logins. Install the fixed version or disable concurrency in login processes (heavy performance penalty on large deployments). No publicly available exploits are known. | |||||
| CVE-2025-59032 | 2 Dovecot, Open-xchange | 2 Dovecot, Dovecot | 2026-04-30 | N/A | 7.5 HIGH |
| The ManageSieve AUTHENTICATE command crashes when a literal is used as the SASL initial response. This can be used to crash the ManageSieve service repeatedly, making it unavailable for other users. Control access to the ManageSieve port, or disable the service if it is not needed. Alternatively, upgrade to a fixed version. No publicly available exploits are known. | |||||
