There is no generic POP3 or IMAP vulnerability. In fact, you'll find open ports for this on many servers in the internet since these protocols are used to retrieve e-mail - hopefully in combination with TLS, i.e. after upgrading the initially plain connection to TLS using the STLS/STARTTLS commands.
There are though bugs in POP3 and IMAP servers too and probably more likely with IMAP since this is a way more complex protocol compared to POP3. A quick search for IMAP or POP3 on cvedetails.com will show numerous known vulnerabilities from the past.
Also I get the word "Fenix" on both of those ports. Is this the company hosting their IMAP/POP3 servers?
I'm not sure what exactly you are referring to but my guess is that you've seen this string in the first line you've got when connecting to these ports. Both IMAP and POP3 (and SMTP and FTP...) send after the connection a greeting from the server to the client and this greeting often contains a hostname or server type or whatever the admins liked to have there. Looking for fenix imap at shodan returns something like this:
* OK [CAPABILITY IMAP4rev1 ... AUTH=PLAIN] Fenix ready.
* CAPABILITY IMAP4rev1 UNSELECT ID CHILDREN NAMESPACE IDLE UIDPLUS AUTH=PLAIN
A001 OK Pre-login capabilities listed, post-login capabilities have more.
* ID ("name" "Dovecot")
A002 OK ID completed.
So according to the ID this is a Dovecot server, one of the major IMAP/POP3 server implemtations out there (and open source). It has a setting to set the greeting, i.e. a simple
login_greeting = Fenix ready
In the dovecot.conf will result in the same kind of response you see. So somebody decided that this might be a useful greeting and from the shodan query it looks like GoDaddy is behind at least many of such systems.