Every CVE whose affected-product data names Netwin Surgemail, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2007-4372 — CVSS 10.0 (critical): Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server 2003 has unknown impact and remote attack vectors. NOTE: this…
CVE-2004-2537 — CVSS 10.0 (critical): Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug."
CVE-2008-1498 — CVSS 9.0 (critical): Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute…
CVE-2008-1497 — CVSS 9.0 (critical): Stack-based buffer overflow in the IMAP service in NetWin SurgeMail 38k4-4 and earlier allows remote authenticated users to execute…
CVE-2008-1055 — CVSS 7.5 (high): Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 and earlier and beta 39a, and WebMail 3.1s and earlier, allows remote…
CVE-2007-2655 — CVSS 7.5 (high): Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a…
CVE-2008-1054 — CVSS 6.4 (medium): Stack-based buffer overflow in the _lib_spawn_user_getpid function in (1) swatch.exe and (2) surgemail.exe in NetWin SurgeMail 38k4 and…
CVE-2007-4377 — CVSS 6.0 (medium): Stack-based buffer overflow in the IMAP service in SurgeMail 38k allows remote authenticated users to execute arbitrary code via a long…
CVE-2007-6457 — CVSS 5.0 (medium): Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 allows remote attackers to cause a denial of service (crash) via a…
CVE-2008-2859 — CVSS 5.0 (medium): Unspecified vulnerability in the IMAP service in NetWin SurgeMail before 3.9g2 allows remote attackers to cause a denial of service (daemon…
CVE-2012-2575 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the…
CVE-2004-2548 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject…
CVE-2010-3201 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in NetWin Surgemail before 4.3g allows remote attackers to inject arbitrary web script or HTML via…
CVE-2005-1714 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2005-0846 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message in SurgeMail 2.2g3 allow remote attackers to inject…
CVE-2008-7182 — CVSS 4.0 (medium): Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users…
CVE-2004-2547 — CVSS 2.6 (low): NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify…