by David Harris
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9046 | Hig | 0.47 | 7.3 | 0.01 | May 21, 2017 | winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. For example, if ssgp.dll is on the desktop and executes arbitrary code in the DllMain function, then clicking on a mailto: link on a remote… | ||
| CVE-2009-3838 | 0.05 | — | 0.06 | Nov 2, 2009 | Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly 4.51 allows remote POP3 servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long error message. | |||
| CVE-2004-2513 | 0.04 | — | 0.10 | Dec 31, 2004 | Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SELECT command. | |||
| CVE-2000-0930 | 0.04 | — | 0.08 | Dec 19, 2000 | Pegasus Mail 3.12 allows remote attackers to read arbitrary files via an embedded URL that calls the mailto: protocol with a -F switch. | |||
| CVE-2002-1075 | 0.03 | — | 0.06 | Oct 4, 2002 | Buffer overflow in Pegasus mail client 4.01 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) To or (2) From headers. | |||
| CVE-2008-4315 | 0.00 | — | 0.03 | Nov 27, 2008 | tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks. | |||
| CVE-2008-4313 | 0.00 | — | 0.01 | Nov 27, 2008 | A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services. | |||
| CVE-2005-4445 | 0.00 | — | 0.03 | Dec 21, 2005 | Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allows remote attackers to execute arbitrary code via a long email message header, which triggers a one-byte buffer overflow. | |||
| CVE-2005-4444 | 0.00 | — | 0.03 | Dec 21, 2005 | Stack-based buffer overflow in the trace message functionality in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allow remote attackers to execute arbitrary code via a long POP3 reply. | |||
| CVE-2000-0931 | 0.00 | — | 0.02 | Dec 19, 2000 | Buffer overflow in Pegasus Mail 3.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long email message containing binary data. | |||
| CVE-1999-1366 | 0.00 | — | 0.00 | May 15, 1999 | Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, which allows local users to easily decrypt the passwords and read e-mail. |
- risk 0.47cvss 7.3epss 0.01
winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. For example, if ssgp.dll is on the desktop and executes arbitrary code in the DllMain function, then clicking on a mailto: link on a remote…
- CVE-2009-3838Nov 2, 2009risk 0.05cvss —epss 0.06
Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly 4.51 allows remote POP3 servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long error message.
- CVE-2004-2513Dec 31, 2004risk 0.04cvss —epss 0.10
Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SELECT command.
- CVE-2000-0930Dec 19, 2000risk 0.04cvss —epss 0.08
Pegasus Mail 3.12 allows remote attackers to read arbitrary files via an embedded URL that calls the mailto: protocol with a -F switch.
- CVE-2002-1075Oct 4, 2002risk 0.03cvss —epss 0.06
Buffer overflow in Pegasus mail client 4.01 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) To or (2) From headers.
- CVE-2008-4315Nov 27, 2008risk 0.00cvss —epss 0.03
tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, Fedora 9, and Fedora 10 does not log failed authentication attempts to the OpenPegasus CIM server, which makes it easier for remote attackers to avoid detection of password guessing attacks.
- CVE-2008-4313Nov 27, 2008risk 0.00cvss —epss 0.01
A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 does not properly configure the PAM tty name, which allows remote authenticated users to bypass intended access restrictions and send requests to OpenPegasus WBEM services.
- CVE-2005-4445Dec 21, 2005risk 0.00cvss —epss 0.03
Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allows remote attackers to execute arbitrary code via a long email message header, which triggers a one-byte buffer overflow.
- CVE-2005-4444Dec 21, 2005risk 0.00cvss —epss 0.03
Stack-based buffer overflow in the trace message functionality in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allow remote attackers to execute arbitrary code via a long POP3 reply.
- CVE-2000-0931Dec 19, 2000risk 0.00cvss —epss 0.02
Buffer overflow in Pegasus Mail 3.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long email message containing binary data.
- CVE-1999-1366May 15, 1999risk 0.00cvss —epss 0.00
Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, which allows local users to easily decrypt the passwords and read e-mail.