Lucene search
+L

84 matches found

Tenable Nessus
Tenable Nessus
added 2025/10/03 12:0 a.m.5 views

Slackware Linux 15.0 / current fetchmail Vulnerability (SSA:2025-276-01)

The version of fetchmail installed on the remote host is prior to 6.4.27 / 6.5.6. It is, therefore, affected by a vulnerability as referenced in the SSA:2025-276-01 advisory. New fetchmail packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the...

5.6AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 6:0 a.m.4 views

SUSE CVE-2010-0562

The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via an SSL X.509 certificate containing non-printabl...

6.8CVSS8.3AI score0.02508EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:53 a.m.5 views

SUSE CVE-2011-1947

fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a 1 STARTTLS or 2 STLS request, which allows remote servers to cause a denial of service application hang by acknowledging the request but not sending additional packets...

5CVSS6.9AI score0.02551EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:39 a.m.5 views

SUSE CVE-2021-36386

reportvbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf valist argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any...

5.1CVSS7.5AI score0.0256EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2023/02/15 3:38 a.m.6 views

SUSE CVE-2021-39272

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH...

5.9CVSS5.1AI score0.00925EPSS
Exploits0References10
OSV
OSV
added 2021/08/30 6:15 a.m.4 views

DEBIAN-CVE-2021-39272

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH...

5.9CVSS5.3AI score0.00925EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/08/30 12:0 a.m.3 views

Fetchmail 加密问题漏洞

Fetchmail is an application for downloading emails. Fetchmail versions prior to 6.4.22 have a security vulnerability that prevents the implementation of STARTTLS session encryption in certain cases, such as IMAP and pre-authorization in certain situations...

5.9CVSS5.5AI score0.00925EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2021/08/24 12:0 a.m.31 views

openSUSE 15 Security Update : fetchmail (openSUSE-SU-2021:1183-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1183-1 advisory. - reportvbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf valist argument, which might allow mail server...

7.5CVSS7.4AI score0.0256EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2021/08/21 12:0 a.m.22 views

SUSE SLED15 / SLES15 Security Update : fetchmail (SUSE-SU-2021:2791-1)

The remote SUSE Linux SLED15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2791-1 advisory. - CVE-2021-36386: Fixed a missing variable initialization that can cause read from bad memory locations. bsc1188875 - Change...

7.5CVSS6.8AI score0.0256EPSS
Exploits0References5
OPENSUSE Linux
OPENSUSE Linux
added 2021/08/20 12:0 a.m.54 views

Security update for fetchmail (moderate)

openSUSE Security Update: Security update for fetchmail Announcement ID: openSUSE-SU-2021:2791-1 Rating: moderate References: 1188034 1188875 Cross-References: CVE-2021-36386 CVSS scores: CVE-2021-36386 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-36386 SUSE: 5.1...

5.1CVSS6.7AI score0.0256EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/08/19 12:0 a.m.29 views

SUSE SLES12 Security Update : fetchmail (SUSE-SU-2021:2771-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:2771-1 advisory. - CVE-2021-36386: DoS or information disclosure in some configurations bsc1188875 - Change PASSWORDLEN from 64 to 256 bsc1188034 - Set the...

7.5CVSS6.8AI score0.0256EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2021/08/05 12:0 a.m.5 views

The vulnerability of the fetchmail reception and forwarding utility, related to incorrect resource initialization, allows a hacker to gain access to confidential information.

The vulnerability of the fetchmail reception and forwarding utility is related to incorrect initialization of the resource. Exploiting this vulnerability can allow an attacker to access confidential information...

6.1CVSS7.1AI score0.0256EPSS
Exploits0References7Affected Software3
OSV
OSV
added 2021/07/30 2:15 p.m.5 views

AZL-7226 CVE-2021-36386 affecting package fetchmail for versions less than 6.4.22-1

reportvbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf valist argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any...

7.5CVSS7.2AI score0.0256EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/07/29 12:0 a.m.5 views

Fetchmail 资源管理错误漏洞

Fetchmail is an application for downloading emails. A security vulnerability exists in versions of Fetchmail prior to 6.4.20. The vulnerability stems from the fact that reportvbuild in report.c sometimes ignores the initialization of the valist parameter. This could result in a denial of service ...

7.5CVSS7.2AI score0.0256EPSS
Exploits0References14
OSV
OSV
added 2012/12/21 5:46 a.m.3 views

CVE-2012-3482

Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to 1 cause a denial of service crash and delayed delivery of inbound mail via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or 2 obtain sensitive informati...

6.5AI score
Exploits0References8
OpenVAS
OpenVAS
added 2012/09/11 12:0 a.m.19 views

Slackware Advisory SSA:2003-300-02 fetchmail security update

The remote host is missing an update as announced via advisory SSA:2003-300-02. OpenVAS Vulnerability Test $Id: esoftslkssa200330002.nasl 6598 2017-07-07 09:36:44Z cfischer $ Description: Auto-generated from the corresponding slackware advisory Authors: Thomas Reinke Copyright: Copyright c 2012...

5CVSS0.5AI score0.01943EPSS
Exploits0
OSV
OSV
added 2011/06/02 7:55 p.m.4 views

CVE-2011-1947

fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a 1 STARTTLS or 2 STLS request, which allows remote servers to cause a denial of service application hang by acknowledging the request but not sending additional packets...

6.7AI score
Exploits0References14
OSV
OSV
added 2010/02/08 9:30 p.m.7 views

CVE-2010-0562

The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via an SSL X.509 certificate containing non-printabl...

8.2AI score
Exploits0References8
OSV
OSV
added 2009/08/07 7:0 p.m.10 views

CVE-2009-2666

socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification...

5.6AI score
Exploits0References17
OSV
OSV
added 2009/08/07 7:0 p.m.1 views

DEBIAN-CVE-2009-2666

socket.c in fetchmail before 6.3.11 does not properly handle a '\0' character in a domain name in the subject's Common Name CN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification...

6.4CVSS6.8AI score0.01503EPSS
Exploits1References1
Rows per page
Query Builder