Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

hmailserver

Source -

NVD

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

5
Related CVEsRelated ProductsRelated AssignersReports
5Vulnerabilities found
CVE-2025-52372
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.02% / 2.94%
||
7 Day CHG~0.00%
Published-21 Jul, 2025 | 00:00
Updated-08 Aug, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in hMailServer v.5.8.6 allows a local attacker to obtain sensitive information via the hmailserver/installation/hMailServerInnoExtension.iss and hMailServer.ini components.

Action-Not Available
Vendor-hmailservern/a
Product-hmailservern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-52373
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.03% / 6.47%
||
7 Day CHG~0.00%
Published-21 Jul, 2025 | 00:00
Updated-07 Aug, 2025 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of hardcoded cryptographic key in BlowFish.cpp in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords used in database connections from hMailServer.ini config file.

Action-Not Available
Vendor-hmailservern/a
Product-hmailservern/a
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CVE-2025-52374
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.6||MEDIUM
EPSS-0.02% / 2.64%
||
7 Day CHG~0.00%
Published-21 Jul, 2025 | 00:00
Updated-07 Aug, 2025 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of hardcoded cryptographic key in Encryption.cs in hMailServer 5.8.6 and 5.6.9-beta allows attacker to decrypt passwords to other servers from hMailAdmin.exe.config file to access other hMailServer admin consoles with configured connections.

Action-Not Available
Vendor-hmailservern/a
Product-hmailservern/a
CWE ID-CWE-321
Use of Hard-coded Cryptographic Key
CVE-2013-5571
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.33% / 55.61%
||
7 Day CHG~0.00%
Published-07 Jan, 2020 | 13:13
Updated-06 Aug, 2024 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HMailServer 5.3.x and prior: Memory Corruption which could cause DOS

Action-Not Available
Vendor-hmailservern/a
Product-hmailservern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2008-3676
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-9.44% / 92.49%
||
7 Day CHG~0.00%
Published-14 Aug, 2008 | 19:00
Updated-07 Aug, 2024 | 09:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the IMAP server in hMailServer 4.4.1 allows remote authenticated users to cause a denial of service (resource exhaustion or daemon crash) via a long series of IMAP commands.

Action-Not Available
Vendor-hmailservern/a
Product-hmailservern/a
CWE ID-CWE-20
Improper Input Validation