Search for packages
| purl | pkg:deb/debian/uw-imap@7:2002edebian1-13.1 |
| Next non-vulnerable version | 8:2007f~dfsg-6 |
| Latest non-vulnerable version | 8:2007f~dfsg-6 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-fdg1-sfty-aaag
Aliases: CVE-2008-5005 |
Multiple stack-based buffer overflows in (1) University of Washington IMAP Toolkit 2002 through 2007c, (2) University of Washington Alpine 2.00 and earlier, and (3) Panda IMAP allow (a) local users to gain privileges by specifying a long folder extension argument on the command line to the tmail or dmail program; and (b) remote attackers to execute arbitrary code by sending e-mail to a destination mailbox name composed of a username and '+' character followed by a long string, processed by the tmail or possibly dmail program. |
Affected by 1 other vulnerability. |
|
VCID-qz7z-7vbe-aaag
Aliases: CVE-2008-5006 |
smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connection instead of the expected 221 response code. |
Affected by 1 other vulnerability. |
|
VCID-tz8v-ae8r-aaaa
Aliases: CVE-2018-19518 |
University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a "-oProxyCommand" argument. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-u7tx-xwrq-aaag | Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington's IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (") character without a closing quote, which causes bytes after the double-quote to be copied into a buffer indefinitely. |
CVE-2005-2933
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T18:18:18.475331+00:00 | Debian Oval Importer | Fixing | VCID-u7tx-xwrq-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.3 |
| 2025-06-21T17:49:28.795941+00:00 | Debian Oval Importer | Fixing | VCID-u7tx-xwrq-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T16:27:22.892447+00:00 | Debian Oval Importer | Affected by | VCID-qz7z-7vbe-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T12:13:57.145452+00:00 | Debian Oval Importer | Affected by | VCID-fdg1-sfty-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T11:26:24.129558+00:00 | Debian Oval Importer | Affected by | VCID-tz8v-ae8r-aaaa | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T01:29:02.486256+00:00 | Debian Oval Importer | Affected by | VCID-fdg1-sfty-aaag | None | 36.1.3 |
| 2025-06-20T21:30:59.387038+00:00 | Debian Oval Importer | Affected by | VCID-qz7z-7vbe-aaag | None | 36.1.3 |
| 2025-06-20T21:06:02.166398+00:00 | Debian Oval Importer | Affected by | VCID-tz8v-ae8r-aaaa | None | 36.1.3 |
| 2025-06-20T20:52:09.098070+00:00 | Debian Oval Importer | Fixing | VCID-u7tx-xwrq-aaag | None | 36.1.3 |
| 2025-06-08T12:42:02.525578+00:00 | Debian Oval Importer | Affected by | VCID-qz7z-7vbe-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T12:09:02.884541+00:00 | Debian Oval Importer | Affected by | VCID-tz8v-ae8r-aaaa | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T10:49:18.929604+00:00 | Debian Oval Importer | Fixing | VCID-u7tx-xwrq-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T10:22:25.151166+00:00 | Debian Oval Importer | Fixing | VCID-u7tx-xwrq-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T09:13:19.012767+00:00 | Debian Oval Importer | Affected by | VCID-qz7z-7vbe-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:18:59.586112+00:00 | Debian Oval Importer | Affected by | VCID-fdg1-sfty-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T04:48:08.216187+00:00 | Debian Oval Importer | Affected by | VCID-tz8v-ae8r-aaaa | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-07T18:51:56.368248+00:00 | Debian Oval Importer | Affected by | VCID-fdg1-sfty-aaag | None | 36.1.0 |
| 2025-06-07T14:53:26.272596+00:00 | Debian Oval Importer | Affected by | VCID-qz7z-7vbe-aaag | None | 36.1.0 |
| 2025-06-07T14:31:58.888304+00:00 | Debian Oval Importer | Affected by | VCID-tz8v-ae8r-aaaa | None | 36.1.0 |
| 2025-06-07T14:22:39.928286+00:00 | Debian Oval Importer | Fixing | VCID-u7tx-xwrq-aaag | None | 36.1.0 |
| 2025-04-12T21:53:56.080360+00:00 | Debian Oval Importer | Affected by | VCID-fdg1-sfty-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T18:28:49.443260+00:00 | Debian Oval Importer | Affected by | VCID-qz7z-7vbe-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:54:37.643964+00:00 | Debian Oval Importer | Affected by | VCID-tz8v-ae8r-aaaa | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T16:31:32.312230+00:00 | Debian Oval Importer | Fixing | VCID-u7tx-xwrq-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T16:03:25.367638+00:00 | Debian Oval Importer | Fixing | VCID-u7tx-xwrq-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T07:45:14.502794+00:00 | Debian Oval Importer | Affected by | VCID-qz7z-7vbe-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:50:03.049909+00:00 | Debian Oval Importer | Affected by | VCID-fdg1-sfty-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T03:19:12.857385+00:00 | Debian Oval Importer | Affected by | VCID-tz8v-ae8r-aaaa | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-07T17:29:45.562257+00:00 | Debian Oval Importer | Affected by | VCID-fdg1-sfty-aaag | None | 36.0.0 |
| 2025-04-07T13:25:28.781593+00:00 | Debian Oval Importer | Affected by | VCID-qz7z-7vbe-aaag | None | 36.0.0 |
| 2025-04-07T13:04:06.211472+00:00 | Debian Oval Importer | Affected by | VCID-tz8v-ae8r-aaaa | None | 36.0.0 |
| 2025-04-07T12:55:15.292554+00:00 | Debian Oval Importer | Fixing | VCID-u7tx-xwrq-aaag | None | 36.0.0 |
| 2024-11-26T20:30:18.611707+00:00 | Debian Oval Importer | Affected by | VCID-qz7z-7vbe-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
| 2024-11-26T20:28:47.258970+00:00 | Debian Oval Importer | Affected by | VCID-fdg1-sfty-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
| 2024-11-25T10:29:17.989407+00:00 | Debian Oval Importer | Fixing | VCID-u7tx-xwrq-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
| 2024-10-12T20:11:19.140162+00:00 | Debian Oval Importer | Affected by | VCID-qz7z-7vbe-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
| 2024-10-12T20:10:39.906491+00:00 | Debian Oval Importer | Affected by | VCID-fdg1-sfty-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
| 2024-10-11T21:46:09.986360+00:00 | Debian Oval Importer | Fixing | VCID-u7tx-xwrq-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
| 2024-09-20T17:20:13.078596+00:00 | Debian Oval Importer | Affected by | VCID-qz7z-7vbe-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |
| 2024-09-20T17:19:46.846864+00:00 | Debian Oval Importer | Affected by | VCID-fdg1-sfty-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |
| 2024-09-20T11:12:44.747286+00:00 | Debian Oval Importer | Fixing | VCID-u7tx-xwrq-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |
| 2024-02-04T13:15:37.225448+00:00 | Debian Oval Importer | Fixing | VCID-u7tx-xwrq-aaag | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.0rc2 |
| 2024-02-04T13:15:36.473380+00:00 | Debian Oval Importer | Fixing | VCID-u7tx-xwrq-aaag | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 34.0.0rc2 |
| 2024-02-04T12:52:28.024595+00:00 | Debian Oval Importer | Fixing | VCID-u7tx-xwrq-aaag | None | 34.0.0rc2 |