Page 3 of 34 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors. El cliente IMAP, usado en imap-2002b y Pine 4.53, permite que servidores IMAP dañinos originen una denegación de servicio (caída) y posiblemente ejecuten código arbitrario mediante ciertos valores de mailbox deamasiado grandes (lo que causa un desbordamiento de búfer de enteros). • http://marc.info/?l=bugtraq&m=105294024124163&w=2 http://www.redhat.com/support/errata/RHSA-2005-015.html http://www.redhat.com/support/errata/RHSA-2005-114.html http://www.securityfocus.com/archive/1/430302/100/0/threaded https://access.redhat.com/security/cve/CVE-2003-0297 https://bugzilla.redhat.com/show_bug.cgi?id=1617017 •

CVSS: 5.0EPSS: 1%CPEs: 9EXPL: 0

The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. El cliente IMAP para Sylpheed 0.8.11 permite que servidores IMAP remotos dañinos originen una denegación de servicio (caída) mediante ciertos tamaños literales muy largos que causan desbordamientos de búfer de enteros. • http://marc.info/?l=bugtraq&m=105294024124163&w=2 •

CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0

Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information. • http://online.securityfocus.com/archive/1/276029 http://www.iss.net/security_center/static/9297.php http://www.securityfocus.com/bid/4963 •

CVSS: 7.8EPSS: 2%CPEs: 5EXPL: 2

The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service (client crash) via a MIME-encoded email with Content-Type header containing an empty boundary field. • https://www.exploit-db.com/exploits/21644 http://online.securityfocus.com/archive/1/284086 http://www.iss.net/security_center/static/9668.php http://www.securityfocus.com/bid/5301 • CWE-20: Improper Input Validation •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

The default configuration of University of Washington IMAP daemon (wu-imapd), when running on a system that does not allow shell access, allows a local user with a valid IMAP account to read arbitrary files as that user. • http://online.securityfocus.com/archive/1/275127 http://www.security.nnov.ru/advisories/courier.asp http://www.securityfocus.com/bid/4909 http://www.washington.edu/imap/IMAP-FAQs/index.html#5.1 https://exchange.xforce.ibmcloud.com/vulnerabilities/9238 •