JLSEC-2026-385

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocol...

Astra Linux - уязвимость в curl

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

CVE-2025-14524

CVE-2025-14524 affects curl: when an HTTP(S) transfer is redirected cross‑protocol to IMAP/LDAP/POP3/SMTP, the OAuth2 bearer token may be leaked to the new target. Root cause: credentials aren’t cleared for the OAuth2 bearer during redirect handling, while username/password are cleared. Several a...

DoveCot Authentication Bypass Vulnerability

Dovecot is an open source based on Linux/UNIX-like systems IMAP and POP3 mail server . DoveCot suffers from an authentication bypass vulnerability. Allowing an attacker to log in as anyone else on the system...

Paragon Initiative Enterprises: Email Spoofing With Your Website's Email

Hey Parogine, I have found Email Spoofing type of Vulnerability in your Website, E-Mail Spoofing Now the Question is, What is E-mail Spoofing: Email spoofing is the creation of email messages with a forged sender address. Because the core email protocols do not have any mechanism for...

DEBIAN-CVE-2010-3780

Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause a denial of service master process outage by simultaneously disconnecting many 1 IMAP or 2 POP3 sessions...

Microsoft Outlook 2002 Script Execution (CVE-2004-0121)

Microsoft provides server and client side implementations of email protocols such as SMTP, POP3 and IMAP. The widely used Microsoft Outlook product is an implementation of an email client capable of handling most standard Internet protocols as well as numerous proprietary Microsoft protocols and...

Microsoft Exchange Server Outlook Web Access Script Injection (MS06-029; CVE-2006-1193)

Microsoft provides server and client side implementations of email protocols such as SMTP, POP3 and IMAP. The widely used Exchange Server product is an implementation of an email server capable of handling most standard Internet protocols as well as numerous proprietary Microsoft protocols and...

EasyMail SMTP Object ActiveX Control Multiple Buffer Overflows

EasyMail Objects, a set of COM objects for supporting email protocols, is installed on the remote Windows host. It may have been bundled with a third-party application, such as Oracle Document Capture, Earthlink internet access software, Borland Caliber RM Client, and FrontRange Heat. The SMTP...

Atrium Software Mercur Mail Server 3.2 - Multiple Buffer Overflows (1)

Atrium Software Mercur Mail Server 3.2 - Multiple Buffer Overflows 1 // source: https://www.securityfocus.com/bid/1051/info Atrium Software Mercur is a SMTP, POP3, and IMAP mail server. Insufficient boundary checking exists in the code that handles within the SMTP "mail from" command, the POP3...

PT-1999-1842 · Netscape · Netscape

Name of the Vulnerable Software and Affected Versions: Netscape version 4.7 Description: The issue concerns the storage of user passwords in the preferences.js file during email sessions. Specifically, when using IMAP or POP, user passwords are recorded, regardless of the "remember passwords"...