Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2001-1009 | 1 Fetchmail | 1 Fetchmail | 2025-04-03 | 10.0 HIGH | N/A |
| Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious (1) IMAP server or (2) POP/POP3 server to overwrite arbitrary memory and possibly gain privileges via a negative index number as part of a response to a LIST request. | |||||
| CVE-2001-1378 | 1 Fetchmail | 1 Fetchmail | 2025-04-03 | 2.1 LOW | N/A |
| fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files. | |||||
| CVE-2021-39272 | 2 Fedoraproject, Fetchmail | 2 Fedora, Fetchmail | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. | |||||
| CVE-2021-36386 | 2 Fedoraproject, Fetchmail | 2 Fedora, Fetchmail | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user. | |||||