Courier-imap CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2007-2173	2 Double Precision Incorporated, Gentoo	2 Courier-imap, Linux	2025-04-09	N/A
Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.
CVE-2003-0040	2 Double Precision Incorporated, Inter7	2 Courier Mta, Courier-imap	2025-04-03	N/A
SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
CVE-2004-0224	3 Double Precision Incorporated, Gentoo, Inter7	4 Courier Mta, Sqwebmail, Linux and 1 more	2025-04-03	N/A
Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."

Page 1 of 1.