CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-38084
https://notcve.org/view.php?id=CVE-2021-38084
03 Aug 2021 — An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session. Se ha detectado un problema en el componente POP3 de Courier Mail Server versiones anteriores a 1.1.5. Unos atacantes de tipo Meddler-in-the-middle pueden canalizar comandos después del comando POP3 STLS, inyectando comandos en texto plano en una sesión de usuario cifrada • https://sourceforge.net/p/courier/mailman/courier-imap/thread/cone.1382574216.483027.8082.1000%40monster.email-scan.com/#msg31555583 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 0%CPEs: 9EXPL: 0CVE-2005-3532
https://notcve.org/view.php?id=CVE-2005-3532
11 Dec 2005 — authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=211920 •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2005-2151
https://notcve.org/view.php?id=CVE-2005-2151
06 Jul 2005 — spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption. • http://secunia.com/advisories/15901 •