Squirrelmail CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (68 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2018-14952	1 Squirrelmail	1 Squirrelmail	2024-11-21	N/A
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack.
CVE-2018-14951	1 Squirrelmail	1 Squirrelmail	2024-11-21	N/A
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack.
CVE-2018-14950	1 Squirrelmail	1 Squirrelmail	2024-11-21	N/A
The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack.
CVE-2010-1637	4 Apple, Fedoraproject, Redhat and 1 more	8 Mac Os X, Mac Os X Server, Fedora and 5 more	2024-08-07	6.5 Medium
The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.
CVE-2011-2753	2 Redhat, Squirrelmail	2 Enterprise Linux, Squirrelmail	2024-08-06	N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.21 and earlier allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the empty trash implementation and (2) the Index Order (aka options_order) page, a different issue than CVE-2010-4555.
CVE-2011-2752	2 Redhat, Squirrelmail	2 Enterprise Linux, Squirrelmail	2024-08-06	N/A
CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n (newline) character, a different vulnerability than CVE-2010-4555.
CVE-2011-2023	2 Redhat, Squirrelmail	2 Enterprise Linux, Squirrelmail	2024-08-06	N/A
Cross-site scripting (XSS) vulnerability in functions/mime.php in SquirrelMail before 1.4.22 allows remote attackers to inject arbitrary web script or HTML via a crafted STYLE element in an e-mail message.
CVE-2012-2124	2 Redhat, Squirrelmail	2 Enterprise Linux, Squirrelmail	2024-08-06	N/A
functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preference files. NOTE: this issue exists because of an incorrect fix for CVE-2010-2813.

« first previous Page 4 of 4.