35 matches found

OSV
added 2026/04/03 1:41 p.m. | 3 views

CLSA-2026-1775223681 python: Fix of CVE-2025-15367

CVE-2025-15367: reject control characters in POP3 commands to prevent command injection via newlines...

CVSS 5.9 | AI score 7.1 | EPSS 0.00104
Exploits: 0 | References: 1

OSV
added 2026/03/12 6:1 p.m. | 3 views

RLSA-2026:4463 Moderate: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVSS 7.1 | AI score 7.4 | EPSS 0.0017
Exploits: 0 | References: 5

Tenable Nessus
added 2026/03/12 12:0 a.m. | 2 views

MiracleLinux 9 : python3.9-3.9.25-3.el9_7.1 (AXSA:2026-295:02)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-295:02 advisory. cpython: IMAP command injection in user-controlled commands (CVE-2025-15366); cpython: POP3 command injection in user-controlled commands (CVE-2025-15367)...

CVSS 6 | AI score 7.2 | EPSS 0.0017
Exploits: 0 | References: 5

F5 Networks
added 2026/03/10 9:48 p.m. | 6 views

K000160292: Curl vulnerability CVE-2025-14524

Security Advisory Description: When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host. (CVE-2025-14524) Impact: The...

CVSS 5.3 | AI score 5.8 | EPSS 0.0004
Exploits: 1

Ubuntu
added 2026/03/09 9:24 a.m. | 7 views

USN-8018-2: Python regression

USN-8018-1 fixed vulnerabilities in python3. That update introduced regressions. The patches for CVE-2025-15366 and CVE-2025-15367 caused behavior regressions in IMAP and POP3 handling, which upstream chose to avoid by not backporting them. Additionally, the patch for CVE-2026-0865 incorrectly...

CVSS 5.9 | AI score 7.2 | EPSS 0.0017
Exploits: 0 | References: 1

OSV
added 2026/01/26 2:49 p.m. | 2 views

BIT-PYTHON-MIN-2025-15367 POP3 command injection in user-controlled commands

The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters...

CVSS 5.9 | AI score 5.9 | EPSS 0.00104
Exploits: 0 | References: 5

RedhatCVE
added 2026/01/18 11:20 a.m. | 1 views

CVE-2025-14524

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

CVSS 5.3 | AI score 6.9 | EPSS 0.0004
Exploits: 1 | References: 1

OSV
added 2026/01/08 10:15 a.m. | 1 views

ALPINE-CVE-2025-14524

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

CVSS 5.3 | AI score 6.4 | EPSS 0.0004
Exploits: 1 | References: 1

Vulnrichment
added 2026/01/08 10:7 a.m. | 2 views

CVE-2025-14524 bearer token leak on cross-protocol redirect

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

AI score 6.5 | EPSS 0.0004
Exploits: 1 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2000-0654

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.01194
Exploits: 1 | References: 4

RedHat Linux
added 2024/04/30 9:54 a.m. | 20 views

Moderate: Red Hat Security Advisory: mutt security update

An update for mutt is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...

CVSS 6.5 | AI score 6.2 | EPSS 0.0008
Exploits: 0 | References: 4

SUSE CVE
added 2023/02/15 3:38 a.m. | 2 views

SUSE CVE-2021-38084

An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session...

CVSS 8.1 | AI score 8 | EPSS 0.00513
Exploits: 0 | References: 3

OSV
added 2021/09/29 8:15 p.m. | 1 views

AZL-6366 CVE-2021-22947 affecting package curl for versions less than 7.82.0-1

When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instea...

CVSS 5.9 | AI score 6.7 | EPSS 0.00253
Exploits: 1 | References: 1

OSV
added 2020/10/22 1:22 p.m. | 0 views

USN-4598-1 libetpan vulnerability

It was discovered that LibEtPan incorrectly handled STARTTLS when using IMAP, SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack. (CVE-2020-15953)...

CVSS 7.4 | AI score 7.2 | EPSS 0.0063
Exploits: 1 | References: 2

OSV
added 2020/07/22 12:3 p.m. | 0 views

USN-4429-1 evolution-data-server vulnerability

It was discovered that Evolution Data Server incorrectly handled STARTTLS when using SMTP and POP3. A remote attacker could possibly use this issue to perform a response injection attack...

CVSS 5.9 | AI score 6.9 | EPSS 0.06354
Exploits: 1 | References: 2

Tenable Nessus
added 2018/04/03 12:0 a.m. | 35 views

POP3 Host Information in NTLM SSP

Nessus can obtain information about the host by examining the NTLM SSP challenge issued during the NTLM authentication, over POP3 protocol. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(108806); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date"...

AI score 5.4
Exploits: 0

Tenable Nessus
added 2015/04/24 12:0 a.m. | 26 views

Fortinet FortiMail Server Detection via POP3

Binary data 8730.prm...

AI score 7.3
Exploits: 0 | References: 1

exploitpack
added 2013/02/11 12:0 a.m. | 32 views

cURL - Buffer Overflow (PoC)

cURL - Buffer Overflow (PoC). cURL buffer overflow, Wed 06 February 2013. Volema found remotely exploitable buffer overflow vulnerability in libcurl POP3, SMTP protocol handlers which lead to code execution (RCE). When negotiating SASL DIGEST-MD5 authentication, the function Curl_sasl_create_digest_md5_messa...

CVSS 7.5 | AI score 0.3 | EPSS 0.44202
Exploits: 6

Packet Storm
added 2013/02/08 12:0 a.m. | 45 views

cURL Buffer Overflow

cURL buffer overflow, Wed 06 February 2013. Volema found remotely exploitable buffer overflow vulnerability in libcurl POP3, SMTP protocol handlers which lead to code execution (RCE). When negotiating SASL DIGEST-MD5 authentication, the function Curl_sasl_create_digest_md5_message uses the data provided...

CVSS 7.5 | AI score 0.4 | EPSS 0.44202
Exploits: 6

0day.today
added 2013/02/08 12:0 a.m. | 47 views

cURL Buffer Overflow Vulnerability

A remotely exploitable buffer overflow vulnerability was discovered in the libcurl POP3 and SMTP protocol handlers. Proper exploitation can allow for arbitrary code execution. cURL buffer overflow, Wed 06 February 2013. Volema found remotely exploitable buffer overflow vulnerability in libcurl POP3...

CVSS 7.5 | AI score 0.5 | EPSS 0.44202
Exploits: 6