Vulmon
imap vulnerabilities and exploits
7.4
CVSSv3
CVE-2021-20247
A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the des...
Mbsync Project Mbsync
Debian Debian Linux 9.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Extra Packages For Enterprise Linux 8.0
7.4
CVSSv3
CVE-2021-26911
core/imap/MCIMAPSession.cpp in Canary Mail prior to 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode.
Canarymail Canary Mail 3.20
Canarymail Canary Mail 3.21
Libmailcore Mailcore2 0.6.4
7.4
CVSSv3
CVE-2020-15953
LibEtPan up to and including 1.9.4, as used in MailCore 2 up to and including 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-i...
Libetpan Project Libetpan
Libmailcore Mailcore2
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 9.0
7.4
CVSSv3
CVE-2020-13163
em-imap 0.5 uses the library eventmachine in an insecure way that allows a malicious user to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified.
Em-imap Project Em-imap 0.5
7.1
CVSSv3
CVE-2017-14461
A specially crafted email delivered over SMTP and passed on to Dovecot by MTA can trigger an out of bounds read resulting in potential sensitive information disclosure and denial of service. In order to trigger this vulnerability, an attacker needs to send a specially crafted ema...
Dovecot Dovecot 2.2.33.2
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Ubuntu Ubuntu 14.04
Ubuntu Ubuntu 16.04
Ubuntu Ubuntu 17.10
7
CVSSv3
CVE-2021-31799
In RDoc 3.11 up to and including 6.x prior to 6.3.1, as distributed with Ruby up to and including 3.0.1, it is possible to execute arbitrary code via | and tags in a filename.
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Ruby-lang Rdoc
Oracle Jd Edwards Enterpriseone Tools
6.8
CVSSv3
CVE-2020-24386
An issue exists in Dovecot prior to 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure).
Dovecot Dovecot
Debian Debian Linux 10.0
Fedoraproject Fedora 32
6.5
CVSSv3
CVE-2021-40111
In Apache James, while fuzzing with Jazzer the IMAP parsing stack, we discover that crafted APPEND and STATUS IMAP command could be used to trigger infinite loops resulting in expensive CPU computations and OutOfMemory exceptions. This can be used for a Denial Of Service attack. ...
Apache James
6.5
CVSSv3
CVE-2021-31855
KDE Messagelib up to and including 5.17.0 reveals cleartext of encrypted messages in some situations. Deleting an attachment of a decrypted encrypted message stored on a remote server (e.g., an IMAP server) causes KMail to upload the decrypted content of the message to the remote...
Kde Messagelib
6.5
CVSSv3
CVE-2021-3181
rfc822.c in Mutt up to and including 2.0.4 allows remote malicious users to cause a denial of service (mailbox unavailability) by sending email messages with sequences of semicolon characters in RFC822 address fields (aka terminators of empty groups). A small email message from t...
Mutt Mutt
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 32
Fedoraproject Fedora 33