Vulnerabilities > Gnome > Balsa
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-29 | CVE-2020-16118 | NULL Pointer Dereference vulnerability in multiple products In GNOME Balsa before 2.6.0, a malicious server operator or man in the middle can trigger a NULL pointer dereference and client crash by sending a PREAUTH response to imap_mbox_connect in libbalsa/imap/imap-handle.c. | 7.5 |
2020-05-28 | CVE-2020-13645 | Improper Certificate Validation vulnerability in multiple products In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. | 6.5 |
2007-12-12 | CVE-2007-5007 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Gnome Balsa Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command. | 6.8 |