Vulnerabilities > Dovecot > Dovecot > 2.0.15
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-12-09 | CVE-2013-6171 | Improper Authentication vulnerability in Dovecot: checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the response to the dovecot-auth server. | 5.8 |
2013-03-07 | CVE-2011-4318 | Improper Input Validation vulnerability in Dovecot: Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and hostname is used to define the proxy destination, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate for a different hostname. | 5.8 |