| Definition ID | Class | Title | Last Modified |
|---|
| oval:org.mitre.oval:def:10458 | V | Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password. | 2013-04-29 |
| oval:org.mitre.oval:def:10739 | V | Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a symlink attack. | 2013-04-29 |
| oval:org.mitre.oval:def:10995 | V | Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name. | 2013-04-29 |
| oval:org.mitre.oval:def:11558 | V | The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command. | 2013-04-29 |