{"url":"http://public2.vulnerablecode.io/api/packages/341673?format=json","purl":"pkg:deb/debian/courier@1.0.16-3?distro=trixie","type":"deb","namespace":"debian","name":"courier","version":"1.0.16-3","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.3.13-1","latest_non_vulnerable_version":"1.5.1-3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84064?format=json","vulnerability_id":"VCID-h7wk-uxjs-uyf1","summary":"An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into an encrypted user session.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38084","reference_id":"","reference_type":"","scores":[{"value":"0.00513","scoring_system":"epss","scoring_elements":"0.66803","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-38084"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38084","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38084"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989375","reference_id":"989375","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989375"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/341688?format=json","purl":"pkg:deb/debian/courier@1.3.13-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.3.13-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341676?format=json","purl":"pkg:deb/debian/courier@1.4.1-3%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.4.1-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341675?format=json","purl":"pkg:deb/debian/courier@1.5.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.5.1-3%3Fdistro=trixie"}],"aliases":["CVE-2021-38084"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h7wk-uxjs-uyf1"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79611?format=json","vulnerability_id":"VCID-4pjd-5uek-57gk","summary":"SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2003-0040","reference_id":"","reference_type":"","scores":[{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65712","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2003-0040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0040"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/341678?format=json","purl":"pkg:deb/debian/courier@0.40.2-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@0.40.2-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341673?format=json","purl":"pkg:deb/debian/courier@1.0.16-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7wk-uxjs-uyf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.0.16-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341676?format=json","purl":"pkg:deb/debian/courier@1.4.1-3%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.4.1-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341675?format=json","purl":"pkg:deb/debian/courier@1.5.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.5.1-3%3Fdistro=trixie"}],"aliases":["CVE-2003-0040"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4pjd-5uek-57gk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79735?format=json","vulnerability_id":"VCID-6fte-6gfw-m7f1","summary":"Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HRML via (1) e-mail headers or (2) a message with a \"message/delivery-status\" MIME Content-Type.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0591","reference_id":"","reference_type":"","scores":[{"value":"0.13907","scoring_system":"epss","scoring_elements":"0.94428","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0591"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0591","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0591"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/24227.txt","reference_id":"CVE-2004-0591;OSVDB-7214","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/24227.txt"},{"reference_url":"https://www.securityfocus.com/bid/10588/info","reference_id":"CVE-2004-0591;OSVDB-7214","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/10588/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/341680?format=json","purl":"pkg:deb/debian/courier@0.45.4-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@0.45.4-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341673?format=json","purl":"pkg:deb/debian/courier@1.0.16-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7wk-uxjs-uyf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.0.16-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341676?format=json","purl":"pkg:deb/debian/courier@1.4.1-3%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.4.1-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341675?format=json","purl":"pkg:deb/debian/courier@1.5.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.5.1-3%3Fdistro=trixie"}],"aliases":["CVE-2004-0591"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6fte-6gfw-m7f1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80015?format=json","vulnerability_id":"VCID-87gc-zu4n-u7az","summary":"Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain \">\" or other special characters, which is not properly sanitized by SqWebMail.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2769","reference_id":"","reference_type":"","scores":[{"value":"0.10952","scoring_system":"epss","scoring_elements":"0.93529","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2769"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2769","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2769"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327727","reference_id":"327727","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327727"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/26200.txt","reference_id":"CVE-2005-2769;OSVDB-19047","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/26200.txt"},{"reference_url":"https://www.securityfocus.com/bid/14676/info","reference_id":"CVE-2005-2769;OSVDB-19047","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/14676/info"},{"reference_url":"https://usn.ubuntu.com/201-1/","reference_id":"USN-201-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/201-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/341685?format=json","purl":"pkg:deb/debian/courier@0.47-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@0.47-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341673?format=json","purl":"pkg:deb/debian/courier@1.0.16-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7wk-uxjs-uyf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.0.16-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341676?format=json","purl":"pkg:deb/debian/courier@1.4.1-3%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.4.1-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341675?format=json","purl":"pkg:deb/debian/courier@1.5.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.5.1-3%3Fdistro=trixie"}],"aliases":["CVE-2005-2769"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-87gc-zu4n-u7az"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80215?format=json","vulnerability_id":"VCID-9mq3-f13r-b7cs","summary":"libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the \"=\" (equals) character, which is not properly handled during encoding.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-2659","reference_id":"","reference_type":"","scores":[{"value":"0.03561","scoring_system":"epss","scoring_elements":"0.87903","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-2659"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2659","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2659"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368834","reference_id":"368834","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368834"},{"reference_url":"https://security.gentoo.org/glsa/200608-06","reference_id":"GLSA-200608-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200608-06"},{"reference_url":"https://usn.ubuntu.com/294-1/","reference_id":"USN-294-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/294-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/341687?format=json","purl":"pkg:deb/debian/courier@0.53.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@0.53.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341673?format=json","purl":"pkg:deb/debian/courier@1.0.16-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7wk-uxjs-uyf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.0.16-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341676?format=json","purl":"pkg:deb/debian/courier@1.4.1-3%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.4.1-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341675?format=json","purl":"pkg:deb/debian/courier@1.5.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.5.1-3%3Fdistro=trixie"}],"aliases":["CVE-2006-2659"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9mq3-f13r-b7cs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79572?format=json","vulnerability_id":"VCID-e22y-6z4h-nyag","summary":"Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2002-1311","reference_id":"","reference_type":"","scores":[{"value":"0.00068","scoring_system":"epss","scoring_elements":"0.21156","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2002-1311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1311"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/341677?format=json","purl":"pkg:deb/debian/courier@0.40.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@0.40.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341673?format=json","purl":"pkg:deb/debian/courier@1.0.16-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7wk-uxjs-uyf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.0.16-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341676?format=json","purl":"pkg:deb/debian/courier@1.4.1-3%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.4.1-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341675?format=json","purl":"pkg:deb/debian/courier@1.5.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.5.1-3%3Fdistro=trixie"}],"aliases":["CVE-2002-1311"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e22y-6z4h-nyag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80018?format=json","vulnerability_id":"VCID-fkrp-k4bs-rqhk","summary":"Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer \"Conditional Comments\" such as \"[if]\" and \"[endif]\".","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2820","reference_id":"","reference_type":"","scores":[{"value":"0.00648","scoring_system":"epss","scoring_elements":"0.71123","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2820"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2820","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2820"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327181","reference_id":"327181","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327181"},{"reference_url":"https://usn.ubuntu.com/201-1/","reference_id":"USN-201-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/201-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/341685?format=json","purl":"pkg:deb/debian/courier@0.47-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@0.47-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341673?format=json","purl":"pkg:deb/debian/courier@1.0.16-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7wk-uxjs-uyf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.0.16-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341676?format=json","purl":"pkg:deb/debian/courier@1.4.1-3%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.4.1-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341675?format=json","purl":"pkg:deb/debian/courier@1.5.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.5.1-3%3Fdistro=trixie"}],"aliases":["CVE-2005-2820"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fkrp-k4bs-rqhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79706?format=json","vulnerability_id":"VCID-gzwj-6z9e-m7aj","summary":"Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code \"when Unicode character is out of BMP range.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0224","reference_id":"","reference_type":"","scores":[{"value":"0.03685","scoring_system":"epss","scoring_elements":"0.88129","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0224"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0224","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0224"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/341679?format=json","purl":"pkg:deb/debian/courier@0.45.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@0.45.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341673?format=json","purl":"pkg:deb/debian/courier@1.0.16-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7wk-uxjs-uyf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.0.16-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341676?format=json","purl":"pkg:deb/debian/courier@1.4.1-3%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.4.1-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341675?format=json","purl":"pkg:deb/debian/courier@1.5.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.5.1-3%3Fdistro=trixie"}],"aliases":["CVE-2004-0224"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gzwj-6z9e-m7aj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79989?format=json","vulnerability_id":"VCID-hbc7-nb7r-zbc9","summary":"spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2151","reference_id":"","reference_type":"","scores":[{"value":"0.0034","scoring_system":"epss","scoring_elements":"0.5693","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2151"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2151","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2151"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=320290","reference_id":"320290","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=320290"},{"reference_url":"https://usn.ubuntu.com/174-1/","reference_id":"USN-174-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/174-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/341683?format=json","purl":"pkg:deb/debian/courier@0.47-6?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@0.47-6%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341673?format=json","purl":"pkg:deb/debian/courier@1.0.16-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7wk-uxjs-uyf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.0.16-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341676?format=json","purl":"pkg:deb/debian/courier@1.4.1-3%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.4.1-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341675?format=json","purl":"pkg:deb/debian/courier@1.5.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.5.1-3%3Fdistro=trixie"}],"aliases":["CVE-2005-2151"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hbc7-nb7r-zbc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80014?format=json","vulnerability_id":"VCID-jbcq-v154-w7a9","summary":"Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature.  NOTE: the severity of this issue has been disputed by the developer.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2724","reference_id":"","reference_type":"","scores":[{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74422","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2724"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2724","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2724"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325631","reference_id":"325631","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325631"},{"reference_url":"https://usn.ubuntu.com/201-1/","reference_id":"USN-201-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/201-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/341684?format=json","purl":"pkg:deb/debian/courier@0.47-8?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@0.47-8%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341673?format=json","purl":"pkg:deb/debian/courier@1.0.16-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7wk-uxjs-uyf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.0.16-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341676?format=json","purl":"pkg:deb/debian/courier@1.4.1-3%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.4.1-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341675?format=json","purl":"pkg:deb/debian/courier@1.5.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.5.1-3%3Fdistro=trixie"}],"aliases":["CVE-2005-2724"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jbcq-v154-w7a9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79743?format=json","vulnerability_id":"VCID-pc1c-7y3z-skas","summary":"Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0777","reference_id":"","reference_type":"","scores":[{"value":"0.15919","scoring_system":"epss","scoring_elements":"0.94866","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0777"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0777"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=266723","reference_id":"266723","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=266723"},{"reference_url":"https://security.gentoo.org/glsa/200408-19","reference_id":"GLSA-200408-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200408-19"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/bsd/remote/432.c","reference_id":"OSVDB-9013;CVE-2004-0777","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/bsd/remote/432.c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/341681?format=json","purl":"pkg:deb/debian/courier@0.45.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@0.45.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341673?format=json","purl":"pkg:deb/debian/courier@1.0.16-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7wk-uxjs-uyf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.0.16-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341676?format=json","purl":"pkg:deb/debian/courier@1.4.1-3%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.4.1-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341675?format=json","purl":"pkg:deb/debian/courier@1.5.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.5.1-3%3Fdistro=trixie"}],"aliases":["CVE-2004-0777"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pc1c-7y3z-skas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79844?format=json","vulnerability_id":"VCID-uf61-dkea-u3am","summary":"Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-2313","reference_id":"","reference_type":"","scores":[{"value":"0.00333","scoring_system":"epss","scoring_elements":"0.5635","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-2313"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2313","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2313"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/341682?format=json","purl":"pkg:deb/debian/courier@0.44.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@0.44.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341673?format=json","purl":"pkg:deb/debian/courier@1.0.16-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7wk-uxjs-uyf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.0.16-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341676?format=json","purl":"pkg:deb/debian/courier@1.4.1-3%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.4.1-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341675?format=json","purl":"pkg:deb/debian/courier@1.5.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.5.1-3%3Fdistro=trixie"}],"aliases":["CVE-2004-2313"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uf61-dkea-u3am"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79559?format=json","vulnerability_id":"VCID-vj7w-t7w7-u3hp","summary":"Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2002-0914","reference_id":"","reference_type":"","scores":[{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73705","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2002-0914"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0914","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0914"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/341674?format=json","purl":"pkg:deb/debian/courier@0.46?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@0.46%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341673?format=json","purl":"pkg:deb/debian/courier@1.0.16-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7wk-uxjs-uyf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.0.16-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341676?format=json","purl":"pkg:deb/debian/courier@1.4.1-3%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.4.1-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341675?format=json","purl":"pkg:deb/debian/courier@1.5.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.5.1-3%3Fdistro=trixie"}],"aliases":["CVE-2002-0914"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vj7w-t7w7-u3hp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80072?format=json","vulnerability_id":"VCID-z4g8-cyrd-d3h5","summary":"authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-3532","reference_id":"","reference_type":"","scores":[{"value":"0.00902","scoring_system":"epss","scoring_elements":"0.76034","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-3532"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3532","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3532"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=211920","reference_id":"211920","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=211920"},{"reference_url":"https://usn.ubuntu.com/226-1/","reference_id":"USN-226-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/226-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/341686?format=json","purl":"pkg:deb/debian/courier@0.47-12?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@0.47-12%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341673?format=json","purl":"pkg:deb/debian/courier@1.0.16-3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-h7wk-uxjs-uyf1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.0.16-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341676?format=json","purl":"pkg:deb/debian/courier@1.4.1-3%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.4.1-3%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/341675?format=json","purl":"pkg:deb/debian/courier@1.5.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.5.1-3%3Fdistro=trixie"}],"aliases":["CVE-2005-3532"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z4g8-cyrd-d3h5"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/courier@1.0.16-3%3Fdistro=trixie"}