GCVE - cpe:2.3:a:squirrelmail:squirrelmail:1.4.5

Approved changes feed: RSS · Atom

cpe:2.3:a:squirrelmail:squirrelmail:1.4.5_rc1:*:*:*:*:*:*:*

part: a version: 1.4.5_rc1 update: *

Vendor	Squirrelmail (`53f64d69-42c3-5c49-8690-e66c5b6ca053`)
Product	Squirrelmail (`2ace0a45-e551-5a60-86d7-16eaf090c4a3`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/realityripple/squirrelmail`	purl2cpe	2026-06-01 10:18:11.049784
`pkg:rpm/fedora/squirrelmail`	purl2cpe	2026-06-01 10:18:11.049786
`pkg:rpm/opensuse/squirrelmail`	purl2cpe	2026-06-01 10:18:11.049788
`pkg:sourceforge/squirrelmail`	purl2cpe	2026-06-01 10:18:11.049789

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2010-2813`	vulnerable	2026-06-08 04:55:10.829736	Details available functions/imap_general.php in SquirrelMail before 1.4.21 does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preferences files. Published: 2010-08-19T17:43:00.000Z Updated: 2024-08-07T02:46:48.556Z Open on db.gcve.eu Reference links http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045383.html http://support.apple.com/kb/HT5130 https://exchange.xforce.ibmcloud.com/vulnerabilities/61124 http://lists.fedoraproject.org/pipermail/package-announce/2010-August/045372.html http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail/branches/SM-1_4-STABLE/squirrelmail/functions/imap_general.php?view=patch&r1=13972&r2=13971&pathrev=13972	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-2964`	vulnerable	2026-06-08 04:51:31.596070	Details available Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier, and NaSMail before 1.7, allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, (10) src/folders_subscribe.php, (11) src/move_messages.php, (12) src/options.php, (13) src/options_highlight.php, (14) src/options_identities.php, (15) src/options_order.php, (16) src/search.php, and (17) src/vcard.php. Published: 2009-08-25T17:00:00.000Z Updated: 2024-08-07T06:07:37.413Z Open on db.gcve.eu Reference links http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00954.html https://gna.org/forum/forum.php?forum_id=2146 http://www.vupen.com/english/advisories/2010/1481 http://download.gna.org/nasmail/nasmail-1.7.zip	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-2379`	vulnerable	2026-06-08 04:50:23.773672	Details available Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 allows remote attackers to inject arbitrary web script or HTML via a crafted hyperlink in an HTML part of an e-mail message. Published: 2008-12-05T00:00:00.000Z Updated: 2024-08-07T08:58:02.253Z Open on db.gcve.eu Reference links https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9764 http://secunia.com/advisories/33937 http://secunia.com/advisories/33071 https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00449.html http://secunia.com/advisories/33054	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Squirrelmail

PURL mappings

Vulnerability references

Contribute