[SECURITY] Fedora 43 Update: nginx-1.30.1-1.fc43

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

EUVD-2026-29473

An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass t...

CVE-2026-42006

An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass t...

CVE-2026-42245

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, Net::IMAP::ResponseReader has quadratic time complexity when reading large responses containing many string literals. A hostile server can send responses which are...

CLSA-2026-1774613805 python3: Fix of CVE-2025-15366

CVE-2025-15366: reject control characters in IMAP commands...

curl: Security Vulnerability Report: Protocol Injection via Programmatic Options

Summary Multiple text-based protocol handlers in libcurl including FTP, SMTP, POP3, and IMAP are vulnerable to protocol command injection. This occurs when an application sets credentials or other protocol-specific options programmatically e.g., via CURLOPTUSERNAME, CURLOPTPASSWORD, or...

USN-8018-3: Python 2.7 vulnerabilities

USN-8018-1 fixed CVE-2025-12084, CVE-2025-15282, CVE-2026-0672, CVE-2026-0865 for python3. This update provides the corresponding updates for python2.7. Original advisory details: Denis Ledoux discovered that Python incorrectly parsed email message headers. An attacker could possibly use this iss...

cpython: IMAP command injection in user-controlled commands

A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server...

MiracleLinux 4 : cyrus-imapd-2.3.16-6.AXS4.3 (AXSA:2011-675:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-675:01 advisory. The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large...

EUVD-2025-12559

Malicious code in bioql PyPI...

EulerOS 2.0 SP11 : ruby (EulerOS-SA-2025-1967)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9, and 0.2.5, there is...

CVE-2002-2325

The c-client library in Internet Message Access Protocol IMAP dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows remote attackers to cause a denial of service client crash via a MIME-encoded email with Content-Type header containing an empty boundary field...

SUSE CVE-2003-0297

c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service crash and possibly execute arbitrary code via certain large 1 literal and 2 mailbox size values that cause either integer signedness errors or integer overflow errors...

Axigen 安全漏洞

Axigen is a mail server with groupware and collaboration features from Axigen. A security vulnerability exists in Axigen version 10.3.3.52, which stems from a two-step authentication issue that allows an attacker to access mailboxes without any CAPTCHA by bypassing the two-step authentication usi...

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S) IMAP(S) POP3(S) and LDAP(S) (openldap only).

...

mutt: Incorrect handling of invalid initial IMAP responses could lead to an authentication attempt over unencrypted connection

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $sslforcetls was processed if an IMAP server's initial server response was invalid. The connection was not properly closed, and the code could continue attempting to authenticate. This could result in authentication credentials...

curl: Requirement to use TLS not properly enforced for IMAP, POP3, and FTP protocols

A flaw was found in curl. This flaw lies in the --ssl-reqd option or related settings in libcurl. Users specify this flag to upgrade to TLS when communicating with either IMAP, POP3 or a FTP server. An attacker controlling such servers could return a crafted response which could lead to curl clie...

AZL-6365 CVE-2021-22946 affecting package curl for versions less than 7.82.0-1

A user can tell curl = 7.20.0 and = 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server --ssl-reqd on the command line orCURLOPTUSESSL set to CURLUSESSLCONTROL or CURLUSESSLALL withlibcurl. This requirement could be bypassed if the server would return a...

Mozilla: IMAP server responses sent by a MITM prior to STARTTLS could be processed

If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected IMAP server responses prior to the completion of the STARTTLS handshake, then Thunderbird didn't ignore the injected data. This could have resulted in Thunderbird showing incorrect information, for...

Mozilla Thunderbird 命令注入漏洞

Mozilla Thunderbird is an open source email client. A command injection vulnerability exists in the Mozilla Thunderbird product, which stems from a problem in the way Thunderbird handles IMAP server responses sent prior to the STARTTLS process. An attacker could exploit this vulnerability to send...