Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/6302?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/6302?format=api", "purl": "pkg:deb/debian/fetchmail@5.9.11-6.2", "type": "deb", "namespace": "debian", "name": "fetchmail", "version": "5.9.11-6.2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "6.6.3-3", "latest_non_vulnerable_version": "6.6.3-3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67236?format=api", "vulnerability_id": "VCID-1rab-kh4g-wfgy", "summary": "Fetchmail 6.2.4 and earlier does not properly allocate memory for long lines, which allows remote attackers to cause a denial of service (crash) via a certain email.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0792.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0792.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2003-0792", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01344", "scoring_system": "epss", "scoring_elements": "0.80383", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01344", "scoring_system": "epss", "scoring_elements": "0.80408", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01344", "scoring_system": "epss", "scoring_elements": "0.80411", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2003-0792" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0792", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0792" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617087", "reference_id": "1617087", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617087" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/6303?format=api", "purl": "pkg:deb/debian/fetchmail@6.2.5-12sarge5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2bpq-s1jb-j3d1" }, { "vulnerability": "VCID-3mtj-rbe4-bygx" }, { "vulnerability": "VCID-5mtd-9vs2-mkcp" }, { "vulnerability": "VCID-5p19-bhcy-fffn" }, { "vulnerability": "VCID-8cwf-bk7m-h3eg" }, { "vulnerability": "VCID-avqj-8btm-gfdd" }, { "vulnerability": "VCID-debr-wchc-h7a4" }, { "vulnerability": "VCID-fdpq-937n-63hu" }, { "vulnerability": "VCID-k2vh-hcbd-8ubq" }, { "vulnerability": "VCID-n6na-y3zc-eqa2" }, { "vulnerability": "VCID-pqsn-4an8-zfgu" }, { "vulnerability": "VCID-ukt2-jxtg-6ubv" }, { "vulnerability": "VCID-wvv8-4977-7yga" }, { "vulnerability": "VCID-xcf8-t38u-6qhg" }, { "vulnerability": "VCID-z6hd-xps2-sbbz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.2.5-12sarge5" } ], "aliases": [ "CVE-2003-0792" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1rab-kh4g-wfgy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67240?format=api", "vulnerability_id": "VCID-2bpq-s1jb-j3d1", "summary": "fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-0321.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-0321.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-0321", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14329", "scoring_system": "epss", "scoring_elements": "0.94532", "published_at": 
"2026-06-04T12:55:00Z" }, { "value": "0.14329", "scoring_system": "epss", "scoring_elements": "0.94541", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.14329", "scoring_system": "epss", "scoring_elements": "0.94543", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.14329", "scoring_system": "epss", "scoring_elements": "0.94545", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-0321" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0321", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0321" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348747", "reference_id": "348747", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=348747" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6304?format=api", "purl": "pkg:deb/debian/fetchmail@6.3.6-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mtj-rbe4-bygx" }, { "vulnerability": "VCID-5p19-bhcy-fffn" }, { "vulnerability": "VCID-8cwf-bk7m-h3eg" }, { "vulnerability": "VCID-debr-wchc-h7a4" }, { "vulnerability": "VCID-k2vh-hcbd-8ubq" }, { "vulnerability": "VCID-n6na-y3zc-eqa2" }, { "vulnerability": "VCID-pqsn-4an8-zfgu" }, { "vulnerability": "VCID-wvv8-4977-7yga" }, { "vulnerability": "VCID-z6hd-xps2-sbbz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.6-1" } ], "aliases": [ "CVE-2006-0321" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2bpq-s1jb-j3d1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67253?format=api", "vulnerability_id": "VCID-3mtj-rbe4-bygx", "summary": "report_vbuild in report.c in Fetchmail before 6.4.20 sometimes omits initialization of the 
vsnprintf va_list argument, which might allow mail servers to cause a denial of service or possibly have unspecified other impact via long error messages. NOTE: it is unclear whether use of Fetchmail on any realistic platform results in an impact beyond an inconvenience to the client user.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36386.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36386.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36386", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49624", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49607", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49552", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0026", "scoring_system": "epss", "scoring_elements": "0.49614", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36386" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1987766", "reference_id": 
"1987766", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1987766" }, { "reference_url": "https://security.archlinux.org/AVG-2238", "reference_id": "AVG-2238", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2238" }, { "reference_url": "https://security.gentoo.org/glsa/202209-14", "reference_id": "GLSA-202209-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202209-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1964", "reference_id": "RHSA-2022:1964", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1964" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/510805?format=api", "purl": "pkg:deb/debian/fetchmail@6.4.16-4%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4zfz-95n5-8ugz" }, { "vulnerability": "VCID-td28-7qem-kfep" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.4.16-4%252Bdeb11u1" } ], "aliases": [ "CVE-2021-36386" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3mtj-rbe4-bygx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67239?format=api", "vulnerability_id": "VCID-5mtd-9vs2-mkcp", "summary": "fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-4348.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-4348.json" }, { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2005-4348", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09993", "scoring_system": "epss", "scoring_elements": "0.93186", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.09993", "scoring_system": "epss", "scoring_elements": "0.93197", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.09993", "scoring_system": "epss", "scoring_elements": "0.93194", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-4348" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4348", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4348" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617856", "reference_id": "1617856", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617856" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343836", "reference_id": "343836", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=343836" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0018", "reference_id": "RHSA-2007:0018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0018" }, { "reference_url": "https://usn.ubuntu.com/233-1/", "reference_id": "USN-233-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/233-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6304?format=api", "purl": "pkg:deb/debian/fetchmail@6.3.6-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mtj-rbe4-bygx" }, { "vulnerability": "VCID-5p19-bhcy-fffn" }, { "vulnerability": "VCID-8cwf-bk7m-h3eg" }, { "vulnerability": "VCID-debr-wchc-h7a4" }, { "vulnerability": "VCID-k2vh-hcbd-8ubq" }, { "vulnerability": "VCID-n6na-y3zc-eqa2" }, { 
"vulnerability": "VCID-pqsn-4an8-zfgu" }, { "vulnerability": "VCID-wvv8-4977-7yga" }, { "vulnerability": "VCID-z6hd-xps2-sbbz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.6-1" } ], "aliases": [ "CVE-2005-4348" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5mtd-9vs2-mkcp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67243?format=api", "vulnerability_id": "VCID-5p19-bhcy-fffn", "summary": "sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4565.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4565.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4565", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03076", "scoring_system": "epss", "scoring_elements": "0.87007", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03076", "scoring_system": "epss", "scoring_elements": "0.8703", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03076", "scoring_system": "epss", "scoring_elements": "0.87028", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.03076", "scoring_system": "epss", "scoring_elements": "0.87023", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4565" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4565", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4565" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=260601", "reference_id": 
"260601", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=260601" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440006", "reference_id": "440006", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=440006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1427", "reference_id": "RHSA-2009:1427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1427" }, { "reference_url": "https://usn.ubuntu.com/520-1/", "reference_id": "USN-520-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/520-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6306?format=api", "purl": "pkg:deb/debian/fetchmail@6.3.9~rc2-4%2Blenny2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mtj-rbe4-bygx" }, { "vulnerability": "VCID-8cwf-bk7m-h3eg" }, { "vulnerability": "VCID-debr-wchc-h7a4" }, { "vulnerability": "VCID-pqsn-4an8-zfgu" }, { "vulnerability": "VCID-wvv8-4977-7yga" }, { "vulnerability": "VCID-z6hd-xps2-sbbz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.9~rc2-4%252Blenny2" } ], "aliases": [ "CVE-2007-4565" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5p19-bhcy-fffn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67246?format=api", "vulnerability_id": "VCID-8cwf-bk7m-h3eg", "summary": "The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an SSL X.509 certificate containing non-printable characters with the high bit set, which triggers a heap-based buffer overflow during escaping.", 
"references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0562.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0562.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0562", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01751", "scoring_system": "epss", "scoring_elements": "0.82906", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01751", "scoring_system": "epss", "scoring_elements": "0.82933", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01751", "scoring_system": "epss", "scoring_elements": "0.82932", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01751", "scoring_system": "epss", "scoring_elements": "0.82929", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-0562" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0562", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0562" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=561839", "reference_id": "561839", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=561839" }, { "reference_url": "https://security.gentoo.org/glsa/201006-12", "reference_id": "GLSA-201006-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201006-12" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/518659?format=api", "purl": "pkg:deb/debian/fetchmail@6.3.18-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mtj-rbe4-bygx" }, { "vulnerability": "VCID-debr-wchc-h7a4" }, { "vulnerability": "VCID-pqsn-4an8-zfgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.18-2" } ], "aliases": [ "CVE-2010-0562" ], 
"risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8cwf-bk7m-h3eg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67241?format=api", "vulnerability_id": "VCID-avqj-8btm-gfdd", "summary": "fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit cleartext passwords over unsecured links if certain circumstances occur, which allows remote attackers to obtain sensitive information via man-in-the-middle (MITM) attacks.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-5867.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-5867.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-5867", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0669", "scoring_system": "epss", "scoring_elements": "0.91406", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0669", "scoring_system": "epss", "scoring_elements": "0.91419", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0669", "scoring_system": "epss", "scoring_elements": "0.91421", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0669", "scoring_system": "epss", "scoring_elements": "0.91418", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-5867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5867" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=221984", "reference_id": "221984", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=221984" }, { "reference_url": "https://security.gentoo.org/glsa/200701-13", "reference_id": "GLSA-200701-13", 
"reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200701-13" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0018", "reference_id": "RHSA-2007:0018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0018" }, { "reference_url": "https://usn.ubuntu.com/405-1/", "reference_id": "USN-405-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/405-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6304?format=api", "purl": "pkg:deb/debian/fetchmail@6.3.6-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mtj-rbe4-bygx" }, { "vulnerability": "VCID-5p19-bhcy-fffn" }, { "vulnerability": "VCID-8cwf-bk7m-h3eg" }, { "vulnerability": "VCID-debr-wchc-h7a4" }, { "vulnerability": "VCID-k2vh-hcbd-8ubq" }, { "vulnerability": "VCID-n6na-y3zc-eqa2" }, { "vulnerability": "VCID-pqsn-4an8-zfgu" }, { "vulnerability": "VCID-wvv8-4977-7yga" }, { "vulnerability": "VCID-z6hd-xps2-sbbz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.6-1" } ], "aliases": [ "CVE-2006-5867" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-avqj-8btm-gfdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67251?format=api", "vulnerability_id": "VCID-debr-wchc-h7a4", "summary": "Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in debug mode, allows remote NTLM servers to (1) cause a denial of service (crash and delayed delivery of inbound mail) via a crafted NTLM response that triggers an out-of-bounds read in the base64 decoder, or (2) obtain sensitive information from memory via an NTLM Type 2 message with a crafted Target Name structure, which triggers an out-of-bounds read.", "references": [ { "reference_url": 
"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3482.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3482.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3482", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72868", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72906", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72913", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00721", "scoring_system": "epss", "scoring_elements": "0.72896", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3482" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3482" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=847988", "reference_id": "847988", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=847988" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/518661?format=api", "purl": "pkg:deb/debian/fetchmail@6.3.26-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mtj-rbe4-bygx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.26-1" } ], "aliases": [ "CVE-2012-3482" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-debr-wchc-h7a4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67235?format=api", "vulnerability_id": "VCID-dwqz-6p7y-9fax", "summary": "Heap-based 
buffer overflow in Fetchmail 6.1.3 and earlier does not account for the \"@\" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1365.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1365.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2002-1365", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04772", "scoring_system": "epss", "scoring_elements": "0.89642", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04772", "scoring_system": "epss", "scoring_elements": "0.89659", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.04772", "scoring_system": "epss", "scoring_elements": "0.8966", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2002-1365" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1365", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1365" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616887", "reference_id": "1616887", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616887" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2002:293", "reference_id": "RHSA-2002:293", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2002:293" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2002:294", "reference_id": "RHSA-2002:294", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2002:294" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2003:155", "reference_id": "RHSA-2003:155", "reference_type": "", 
"scores": [], "url": "https://access.redhat.com/errata/RHSA-2003:155" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6303?format=api", "purl": "pkg:deb/debian/fetchmail@6.2.5-12sarge5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2bpq-s1jb-j3d1" }, { "vulnerability": "VCID-3mtj-rbe4-bygx" }, { "vulnerability": "VCID-5mtd-9vs2-mkcp" }, { "vulnerability": "VCID-5p19-bhcy-fffn" }, { "vulnerability": "VCID-8cwf-bk7m-h3eg" }, { "vulnerability": "VCID-avqj-8btm-gfdd" }, { "vulnerability": "VCID-debr-wchc-h7a4" }, { "vulnerability": "VCID-fdpq-937n-63hu" }, { "vulnerability": "VCID-k2vh-hcbd-8ubq" }, { "vulnerability": "VCID-n6na-y3zc-eqa2" }, { "vulnerability": "VCID-pqsn-4an8-zfgu" }, { "vulnerability": "VCID-ukt2-jxtg-6ubv" }, { "vulnerability": "VCID-wvv8-4977-7yga" }, { "vulnerability": "VCID-xcf8-t38u-6qhg" }, { "vulnerability": "VCID-z6hd-xps2-sbbz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.2.5-12sarge5" } ], "aliases": [ "CVE-2002-1365" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dwqz-6p7y-9fax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67237?format=api", "vulnerability_id": "VCID-fdpq-937n-63hu", "summary": "Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. 
This is the correct identifier.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2335.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2335.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-2335", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06437", "scoring_system": "epss", "scoring_elements": "0.91223", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06437", "scoring_system": "epss", "scoring_elements": "0.91235", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.06437", "scoring_system": "epss", "scoring_elements": "0.91232", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-2335" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2335", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2335" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617705", "reference_id": "1617705", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617705" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=320357", "reference_id": "320357", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=320357" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:640", "reference_id": "RHSA-2005:640", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:640" }, { "reference_url": "https://usn.ubuntu.com/153-1/", "reference_id": "USN-153-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/153-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6304?format=api", "purl": "pkg:deb/debian/fetchmail@6.3.6-1", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mtj-rbe4-bygx" }, { "vulnerability": "VCID-5p19-bhcy-fffn" }, { "vulnerability": "VCID-8cwf-bk7m-h3eg" }, { "vulnerability": "VCID-debr-wchc-h7a4" }, { "vulnerability": "VCID-k2vh-hcbd-8ubq" }, { "vulnerability": "VCID-n6na-y3zc-eqa2" }, { "vulnerability": "VCID-pqsn-4an8-zfgu" }, { "vulnerability": "VCID-wvv8-4977-7yga" }, { "vulnerability": "VCID-z6hd-xps2-sbbz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.6-1" } ], "aliases": [ "CVE-2005-2335" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fdpq-937n-63hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67234?format=api", "vulnerability_id": "VCID-jw6n-vfc4-nqhh", "summary": "The getmxrecord function in Fetchmail 6.0.0 and earlier does not properly check the boundary of a particular malformed DNS packet from a malicious DNS server, which allows remote attackers to cause a denial of service (crash) when Fetchmail attempts to read data beyond the expected boundary.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1175.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1175.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2002-1175", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01344", "scoring_system": "epss", "scoring_elements": "0.80383", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01344", "scoring_system": "epss", "scoring_elements": "0.80408", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01344", "scoring_system": "epss", "scoring_elements": "0.80411", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2002-1175" }, { "reference_url": 
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1175", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1175" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616857", "reference_id": "1616857", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616857" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2002:215", "reference_id": "RHSA-2002:215", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2002:215" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2002:216", "reference_id": "RHSA-2002:216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2002:216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2003:155", "reference_id": "RHSA-2003:155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2003:155" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6303?format=api", "purl": "pkg:deb/debian/fetchmail@6.2.5-12sarge5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2bpq-s1jb-j3d1" }, { "vulnerability": "VCID-3mtj-rbe4-bygx" }, { "vulnerability": "VCID-5mtd-9vs2-mkcp" }, { "vulnerability": "VCID-5p19-bhcy-fffn" }, { "vulnerability": "VCID-8cwf-bk7m-h3eg" }, { "vulnerability": "VCID-avqj-8btm-gfdd" }, { "vulnerability": "VCID-debr-wchc-h7a4" }, { "vulnerability": "VCID-fdpq-937n-63hu" }, { "vulnerability": "VCID-k2vh-hcbd-8ubq" }, { "vulnerability": "VCID-n6na-y3zc-eqa2" }, { "vulnerability": "VCID-pqsn-4an8-zfgu" }, { "vulnerability": "VCID-ukt2-jxtg-6ubv" }, { "vulnerability": "VCID-wvv8-4977-7yga" }, { "vulnerability": "VCID-xcf8-t38u-6qhg" }, { "vulnerability": "VCID-z6hd-xps2-sbbz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.2.5-12sarge5" } ], "aliases": [ "CVE-2002-1175" ], 
"risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jw6n-vfc4-nqhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67244?format=api", "vulnerability_id": "VCID-k2vh-hcbd-8ubq", "summary": "fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference when using vsnprintf to format log messages.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2711.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2711.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-2711", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03347", "scoring_system": "epss", "scoring_elements": "0.87539", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03347", "scoring_system": "epss", "scoring_elements": "0.8756", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03347", "scoring_system": "epss", "scoring_elements": "0.87559", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.03347", "scoring_system": "epss", "scoring_elements": "0.87558", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-2711" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2711" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=451758", "reference_id": "451758", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=451758" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2009:1427", "reference_id": "RHSA-2009:1427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1427" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6306?format=api", "purl": "pkg:deb/debian/fetchmail@6.3.9~rc2-4%2Blenny2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mtj-rbe4-bygx" }, { "vulnerability": "VCID-8cwf-bk7m-h3eg" }, { "vulnerability": "VCID-debr-wchc-h7a4" }, { "vulnerability": "VCID-pqsn-4an8-zfgu" }, { "vulnerability": "VCID-wvv8-4977-7yga" }, { "vulnerability": "VCID-z6hd-xps2-sbbz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.9~rc2-4%252Blenny2" } ], "aliases": [ "CVE-2008-2711" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k2vh-hcbd-8ubq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3126?format=api", "vulnerability_id": "VCID-n6na-y3zc-eqa2", "summary": "Gaëtan Leurent informed us of a weakness in APOP\nauthentication that could allow an attacker to recover the first\npart of your mail password if the attacker could interpose\na malicious mail server on your network masquerading as your legitimate\nmail server. With normal settings it could take several hours for\nthe attacker to gather enough data to recover just a few characters\nof the password. 
This result was presented at the\nFast Software Encryption 2007 conference. In a rump session at the same conference a team from The University of\nElectro-Communications claimed that a variant on the same hash-collision\nattack allowed them to recover a 31 character password. Fixed versions of Thunderbird and SeaMonkey mail prevent this\ntechnique by stricter enforcement of the Message-ID format used\nby APOP. POP mail accounts which do not use any authentication are\ncommon and in the same hypothetical situation the password could\nbe recovered immediately without any special programming on the\nattacker's part.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1558.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1558.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-1558", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1342", "scoring_system": "epss", "scoring_elements": "0.94326", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.1342", "scoring_system": "epss", "scoring_elements": "0.94335", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.1342", "scoring_system": "epss", "scoring_elements": "0.94336", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.1342", "scoring_system": "epss", "scoring_elements": "0.94337", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-1558" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=241191", "reference_id": "241191", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=241191" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558", "reference_id": "CVE-2007-1558", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1558" }, { "reference_url": 
"https://security.gentoo.org/glsa/200706-06", "reference_id": "GLSA-200706-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200706-06" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2007-15", "reference_id": "mfsa2007-15", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2007-15" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0344", "reference_id": "RHSA-2007:0344", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0344" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0353", "reference_id": "RHSA-2007:0353", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0353" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0385", "reference_id": "RHSA-2007:0385", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0385" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0386", "reference_id": "RHSA-2007:0386", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0386" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0401", "reference_id": "RHSA-2007:0401", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0401" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0402", "reference_id": "RHSA-2007:0402", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0402" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1140", "reference_id": "RHSA-2009:1140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1140" }, { "reference_url": "https://usn.ubuntu.com/469-1/", "reference_id": "USN-469-1", "reference_type": "", "scores": [], 
"url": "https://usn.ubuntu.com/469-1/" }, { "reference_url": "https://usn.ubuntu.com/520-1/", "reference_id": "USN-520-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/520-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6306?format=api", "purl": "pkg:deb/debian/fetchmail@6.3.9~rc2-4%2Blenny2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mtj-rbe4-bygx" }, { "vulnerability": "VCID-8cwf-bk7m-h3eg" }, { "vulnerability": "VCID-debr-wchc-h7a4" }, { "vulnerability": "VCID-pqsn-4an8-zfgu" }, { "vulnerability": "VCID-wvv8-4977-7yga" }, { "vulnerability": "VCID-z6hd-xps2-sbbz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.9~rc2-4%252Blenny2" } ], "aliases": [ "CVE-2007-1558" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n6na-y3zc-eqa2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67250?format=api", "vulnerability_id": "VCID-pqsn-4an8-zfgu", "summary": "fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time after issuing a (1) STARTTLS or (2) STLS request, which allows remote servers to cause a denial of service (application hang) by acknowledging the request but not sending additional packets.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1947.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1947.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1947", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02444", "scoring_system": "epss", "scoring_elements": "0.85463", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02444", "scoring_system": "epss", "scoring_elements": "0.85486", "published_at": 
"2026-06-07T12:55:00Z" }, { "value": "0.02444", "scoring_system": "epss", "scoring_elements": "0.85491", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-1947" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1947", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1947" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=709284", "reference_id": "709284", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=709284" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/518661?format=api", "purl": "pkg:deb/debian/fetchmail@6.3.26-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mtj-rbe4-bygx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.26-1" } ], "aliases": [ "CVE-2011-1947" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pqsn-4an8-zfgu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67238?format=api", "vulnerability_id": "VCID-ukt2-jxtg-6ubv", "summary": "fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3088.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-3088.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3088", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.2602", "published_at": 
"2026-06-04T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26123", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26118", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00093", "scoring_system": "epss", "scoring_elements": "0.26072", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-3088" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3088" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617779", "reference_id": "1617779", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617779" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=336096", "reference_id": "336096", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=336096" }, { "reference_url": "https://security.gentoo.org/glsa/200511-06", "reference_id": "GLSA-200511-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200511-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:823", "reference_id": "RHSA-2005:823", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:823" }, { "reference_url": "https://usn.ubuntu.com/215-1/", "reference_id": "USN-215-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/215-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6304?format=api", "purl": "pkg:deb/debian/fetchmail@6.3.6-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mtj-rbe4-bygx" }, { "vulnerability": "VCID-5p19-bhcy-fffn" }, { "vulnerability": "VCID-8cwf-bk7m-h3eg" }, { "vulnerability": "VCID-debr-wchc-h7a4" }, { 
"vulnerability": "VCID-k2vh-hcbd-8ubq" }, { "vulnerability": "VCID-n6na-y3zc-eqa2" }, { "vulnerability": "VCID-pqsn-4an8-zfgu" }, { "vulnerability": "VCID-wvv8-4977-7yga" }, { "vulnerability": "VCID-z6hd-xps2-sbbz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.6-1" } ], "aliases": [ "CVE-2005-3088" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ukt2-jxtg-6ubv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67233?format=api", "vulnerability_id": "VCID-vm5f-essz-9fc2", "summary": "Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) long headers that are not properly processed by the readheaders function, or (2) via long Received: headers, which are not properly parsed by the parse_received function.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1174.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1174.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2002-1174", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04276", "scoring_system": "epss", "scoring_elements": "0.89027", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04276", "scoring_system": "epss", "scoring_elements": "0.89044", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.04276", "scoring_system": "epss", "scoring_elements": "0.89046", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.04276", "scoring_system": "epss", "scoring_elements": "0.89045", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2002-1174" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1174", "reference_id": "", 
"reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1174" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616856", "reference_id": "1616856", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616856" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2002:215", "reference_id": "RHSA-2002:215", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2002:215" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2002:216", "reference_id": "RHSA-2002:216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2002:216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2003:155", "reference_id": "RHSA-2003:155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2003:155" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6303?format=api", "purl": "pkg:deb/debian/fetchmail@6.2.5-12sarge5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2bpq-s1jb-j3d1" }, { "vulnerability": "VCID-3mtj-rbe4-bygx" }, { "vulnerability": "VCID-5mtd-9vs2-mkcp" }, { "vulnerability": "VCID-5p19-bhcy-fffn" }, { "vulnerability": "VCID-8cwf-bk7m-h3eg" }, { "vulnerability": "VCID-avqj-8btm-gfdd" }, { "vulnerability": "VCID-debr-wchc-h7a4" }, { "vulnerability": "VCID-fdpq-937n-63hu" }, { "vulnerability": "VCID-k2vh-hcbd-8ubq" }, { "vulnerability": "VCID-n6na-y3zc-eqa2" }, { "vulnerability": "VCID-pqsn-4an8-zfgu" }, { "vulnerability": "VCID-ukt2-jxtg-6ubv" }, { "vulnerability": "VCID-wvv8-4977-7yga" }, { "vulnerability": "VCID-xcf8-t38u-6qhg" }, { "vulnerability": "VCID-z6hd-xps2-sbbz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.2.5-12sarge5" } ], "aliases": [ "CVE-2002-1174" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-vm5f-essz-9fc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67245?format=api", "vulnerability_id": "VCID-wvv8-4977-7yga", "summary": "socket.c in fetchmail before 6.3.11 does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2666.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2666.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2666", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00665", "scoring_system": "epss", "scoring_elements": "0.71611", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00665", "scoring_system": "epss", "scoring_elements": "0.71655", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00665", "scoring_system": "epss", "scoring_elements": "0.71662", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00665", "scoring_system": "epss", "scoring_elements": "0.71638", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2666" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2666", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2666" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=515804", "reference_id": "515804", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=515804" }, { "reference_url": "https://security.gentoo.org/glsa/201006-12", "reference_id": "GLSA-201006-12", 
"reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201006-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1427", "reference_id": "RHSA-2009:1427", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2009:1427" }, { "reference_url": "https://usn.ubuntu.com/816-1/", "reference_id": "USN-816-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/816-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/518659?format=api", "purl": "pkg:deb/debian/fetchmail@6.3.18-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mtj-rbe4-bygx" }, { "vulnerability": "VCID-debr-wchc-h7a4" }, { "vulnerability": "VCID-pqsn-4an8-zfgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.18-2" } ], "aliases": [ "CVE-2009-2666" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wvv8-4977-7yga" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67242?format=api", "vulnerability_id": "VCID-xcf8-t38u-6qhg", "summary": "fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or (2) fflush functions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-5974.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-5974.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-5974", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13761", "scoring_system": "epss", "scoring_elements": "0.9441", "published_at": "2026-06-04T12:55:00Z" }, { "value": 
"0.13761", "scoring_system": "epss", "scoring_elements": "0.94418", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.13761", "scoring_system": "epss", "scoring_elements": "0.94421", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.13761", "scoring_system": "epss", "scoring_elements": "0.94423", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-5974" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5974" }, { "reference_url": "https://security.gentoo.org/glsa/200701-13", "reference_id": "GLSA-200701-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200701-13" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6304?format=api", "purl": "pkg:deb/debian/fetchmail@6.3.6-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mtj-rbe4-bygx" }, { "vulnerability": "VCID-5p19-bhcy-fffn" }, { "vulnerability": "VCID-8cwf-bk7m-h3eg" }, { "vulnerability": "VCID-debr-wchc-h7a4" }, { "vulnerability": "VCID-k2vh-hcbd-8ubq" }, { "vulnerability": "VCID-n6na-y3zc-eqa2" }, { "vulnerability": "VCID-pqsn-4an8-zfgu" }, { "vulnerability": "VCID-wvv8-4977-7yga" }, { "vulnerability": "VCID-z6hd-xps2-sbbz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.6-1" } ], "aliases": [ "CVE-2006-5974" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xcf8-t38u-6qhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67249?format=api", "vulnerability_id": "VCID-z6hd-xps2-sbbz", "summary": "fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote 
attackers to cause a denial of service (memory consumption and application crash) via a crafted (1) message header or (2) POP3 UIDL list.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1167.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.74005", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.74038", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.74042", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00777", "scoring_system": "epss", "scoring_elements": "0.74028", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2010-1167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1167" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=583819", "reference_id": "583819", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=583819" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/518659?format=api", "purl": "pkg:deb/debian/fetchmail@6.3.18-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3mtj-rbe4-bygx" }, { "vulnerability": "VCID-debr-wchc-h7a4" }, { "vulnerability": "VCID-pqsn-4an8-zfgu" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@6.3.18-2" } ], "aliases": [ "CVE-2010-1167" ], "risk_score": null, "exploitability": "0.5", 
"weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z6hd-xps2-sbbz" } ], "fixing_vulnerabilities": [], "risk_score": "3.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/fetchmail@5.9.11-6.2" }