fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers.
Max CVSS
7.8
EPSS Score
7.92%
Published
2005-12-21
Updated
2018-10-19
fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.
Max CVSS
2.1
EPSS Score
0.09%
Published
2005-10-27
Updated
2018-10-03
Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier.
Max CVSS
5.0
EPSS Score
4.84%
Published
2005-07-27
Updated
2018-10-19
3 vulnerabilities found