Aggregates CVE and security vulnerability intelligence across all tabslab-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk memory corruption and vendor risk buffer overflow and related problems; some flaws may lead to vendor impact memory corruption and vendor impact application crash.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2019-25646 | Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Attackers can connect to the SMTP service on port 25 and send a malicious MAIL FROM command with an oversized buffer to overwrite the EIP register and execute a bind shell payload. | [email protected] | 9.3 | 0.91% | 2026-03-24 | 2026-03-25 |
| CVE-2019-25364 | MailCarrier 2.51 contains a buffer overflow vulnerability in the POP3 USER command that allows remote attackers to execute arbitrary code. Attackers can send a crafted oversized buffer to the POP3 service, overwriting memory and potentially gaining remote system access. | [email protected] | 9.3 | 0.83% | 2026-02-18 | 2026-02-24 |
| CVE-2019-11682 | A buffer overflow in the SMTP response service in MailCarrier 2.51 allows the attacker to execute arbitrary code remotely via a long HELP command, a related issue to CVE-2019-11395. | [email protected] | 9.8 | 3.22% | 2019-05-02 | 2024-11-21 |
| CVE-2019-11395 | A buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long string, as demonstrated by SMTP RCPT TO, POP3 USER, POP3 LIST, POP3 TOP, or POP3 RETR. | [email protected] | 9.8 | 14.57% | 2019-04-22 | 2024-11-21 |