Vulnerabilities > Fetchmail > Fetchmail > 6.3.18
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-30 | CVE-2021-39272 | Cleartext Transmission of Sensitive Information vulnerability in multiple products Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. | 5.9 |
2021-07-30 | CVE-2021-36386 | Missing Initialization of Resource vulnerability in multiple products report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. | 7.5 |
2012-12-21 | CVE-2012-3482 | Remote Denial of Service vulnerability in Fetchmail NTLM Authentication Debug Mode Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read. network fetchmail | 5.8 |
2011-06-02 | CVE-2011-1947 | Resource Management Errors vulnerability in Fetchmail fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets. | 5.0 |