Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
imap vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-12674
In Dovecot prior to 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
Dovecot Dovecot
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 20.04
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
7.5
CVSSv3
CVE-2020-12100
In Dovecot prior to 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote malicious users to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts.
Dovecot Dovecot
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 20.04
Canonical Ubuntu Linux 16.04
7.5
CVSSv3
CVE-2020-16118
In GNOME Balsa prior to 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c.
Gnome Balsa
Opensuse Leap 15.1
Opensuse Backports Sle 15.0
7.5
CVSSv3
CVE-2020-16094
In imap_scan_tree_recursive in Claws Mail up to and including 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree.
Claws-mail Claws-mail
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
7.5
CVSSv3
CVE-2020-12398
If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird < 68.9.0.
Mozilla Thunderbird
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 20.04
7.5
CVSSv3
CVE-2013-1753
The gzip_decode function in the xmlrpc client library in Python 3.4 and previous versions allows remote malicious users to cause a denial of service (memory consumption) via a crafted HTTP request.
Python Python
7.5
CVSSv3
CVE-2019-11494
In the IMAP Server in Dovecot 2.3.3 up to and including 2.3.5.2, the submission-login service crashes when the client disconnects prematurely during the AUTH command.
Dovecot Dovecot
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.0
Opensuse Leap 15.1
7.5
CVSSv3
CVE-2019-11499
In the IMAP Server in Dovecot 2.3.3 up to and including 2.3.5.2, the submission-login component crashes if AUTH PLAIN is attempted over a TLS secured channel with an unacceptable authentication message.
Dovecot Dovecot
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Leap 15.0
Opensuse Leap 15.1
7.5
CVSSv3
CVE-2018-16890
libcurl versions from 7.36.0 to prior to 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vul...
Haxx Libcurl
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Debian Debian Linux 9.0
Netapp Clustered Data Ontap
Siemens Sinema Remote Connect Client
Oracle Http Server 12.2.1.3.0
Oracle Secure Global Desktop 5.4
Oracle Communications Operations Monitor 3.4
Oracle Communications Operations Monitor 4.0
Redhat Enterprise Linux 8.0
F5 Big-ip Access Policy Manager
1 Github repository
7.5
CVSSv3
CVE-2019-3823
libcurl versions from 7.34.0 to prior to 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set...
Haxx Libcurl
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Debian Debian Linux 9.0
Netapp Clustered Data Ontap
Oracle Http Server 12.2.1.3.0
Oracle Secure Global Desktop 5.4
Oracle Communications Operations Monitor 3.4
Oracle Communications Operations Monitor 4.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »