Pegasus Mail
by David Harris
CVEs (7)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2009-3838 | 0.05 | — | 0.23 | Nov 2, 2009 | Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly 4.51 allows remote POP3 servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long error message. | ||
| CVE-2002-1075 | 0.04 | — | 0.09 | Oct 4, 2002 | Buffer overflow in Pegasus mail client 4.01 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) To or (2) From headers. | ||
| CVE-2000-0930 | 0.03 | — | 0.05 | Dec 19, 2000 | Pegasus Mail 3.12 allows remote attackers to read arbitrary files via an embedded URL that calls the mailto: protocol with a -F switch. | ||
| CVE-2005-4444 | 0.01 | — | 0.06 | Dec 21, 2005 | Stack-based buffer overflow in the trace message functionality in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allow remote attackers to execute arbitrary code via a long POP3 reply. | ||
| CVE-2005-4445 | 0.00 | — | 0.05 | Dec 21, 2005 | Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allows remote attackers to execute arbitrary code via a long email message header, which triggers a one-byte buffer overflow. | ||
| CVE-2000-0931 | 0.00 | — | 0.01 | Dec 19, 2000 | Buffer overflow in Pegasus Mail 3.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long email message containing binary data. | ||
| CVE-1999-1366 | 0.00 | — | 0.00 | May 15, 1999 | Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, which allows local users to easily decrypt the passwords and read e-mail. |
- CVE-2009-3838Nov 2, 2009risk 0.05cvss —epss 0.23
Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly 4.51 allows remote POP3 servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long error message.
- CVE-2002-1075Oct 4, 2002risk 0.04cvss —epss 0.09
Buffer overflow in Pegasus mail client 4.01 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) To or (2) From headers.
- CVE-2000-0930Dec 19, 2000risk 0.03cvss —epss 0.05
Pegasus Mail 3.12 allows remote attackers to read arbitrary files via an embedded URL that calls the mailto: protocol with a -F switch.
- CVE-2005-4444Dec 21, 2005risk 0.01cvss —epss 0.06
Stack-based buffer overflow in the trace message functionality in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allow remote attackers to execute arbitrary code via a long POP3 reply.
- CVE-2005-4445Dec 21, 2005risk 0.00cvss —epss 0.05
Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allows remote attackers to execute arbitrary code via a long email message header, which triggers a one-byte buffer overflow.
- CVE-2000-0931Dec 19, 2000risk 0.00cvss —epss 0.01
Buffer overflow in Pegasus Mail 3.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long email message containing binary data.
- CVE-1999-1366May 15, 1999risk 0.00cvss —epss 0.00
Pegasus e-mail client 3.0 and earlier uses weak encryption to store POP3 passwords in the pmail.ini file, which allows local users to easily decrypt the passwords and read e-mail.