Vulmon
cyrus vulnerabilities and exploits
CVSSv2: 5
CVE-2021-33582
Cyrus IMAP prior to 3.4.2 allows remote malicious users to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2....
Cyrus Imap
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
CVSSv2: 7.5
CVE-2005-0373
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote malicious users to execute arbitrary code.
Cyrus Sasl 1.5.24
Cyrus Sasl 1.5.27
Cyrus Sasl 1.5.28
Cyrus Sasl 2.1.16
Cyrus Sasl 2.1.17
Conectiva Linux 9.0
Cyrus Sasl 2.1.12
Cyrus Sasl 2.1.13
Cyrus Sasl 2.1.9
Openpkg Openpkg 2.1
Openpkg Openpkg 2.2
Cyrus Sasl 2.1.10
Cyrus Sasl 2.1.11
Cyrus Sasl 2.1.18
Cyrus Sasl 2.1.18 R1
Cyrus Sasl 2.1.14
Cyrus Sasl 2.1.15
Suse Suse Cvsup 16.1h 36.i586
Conectiva Linux 10.0
Apple Mac Os X 10.1.1
Apple Mac Os X 10.1.2
Apple Mac Os X 10.2.3
CVSSv2: 3.5
CVE-2019-19783
An issue exists in Cyrus IMAP prior to 2.5.15, 3.0.x prior to 3.0.13, and 3.1.x up to and including 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containin...
Cyrus Imap
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Canonical Ubuntu Linux 18.04
CVSSv2: 7.5
CVE-2019-11356
The CalDAV feature in httpd in Cyrus IMAP 2.5.x up to and including 2.5.12 and 3.0.x up to and including 3.0.9 allows remote malicious users to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.
Cyrus Imap
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Debian Debian Linux 9.0
Canonical Ubuntu Linux 18.04
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
CVSSv2: 6.5
CVE-2022-24407
In Cyrus SASL 2.1.17 up to and including 2.1.27 prior to 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
Cyrusimap Cyrus-sasl
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Netapp Ontap Select Deploy Administration Utility -
Netapp Active Iq Unified Manager -
Oracle Communications Cloud Native Core Security Edge Protection Proxy 22.1.1
Oracle Communications Cloud Native Core Console 22.2.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 22.2.0
CVSSv2: 5
CVE-2019-19906
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
Cyrusimap Cyrus-sasl
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Jboss Enterprise Web Server 2.0.0
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux 8.0
Apple Mac Os X 10.14.6
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.4
Redhat Enterprise Linux For Power Little Endian 8.0
CVSSv2: 7.5
CVE-2001-0869
Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote malicious users to execute arbitrary commands.
Caldera Openlinux Workstation 3.1
Redhat Linux Powertools 6.2
Suse Suse Linux 7.0
Suse Suse Linux 7.1
Suse Suse Linux 7.2
Suse Suse Linux 7.3
Caldera Openlinux Eserver 3.1
Redhat Linux 7.0
Redhat Linux 7.2
CVSSv2: 6.8
CVE-2011-1720
The SMTP server in Postfix prior to 2.5.13, 2.6.x prior to 2.6.10, 2.7.x prior to 2.7.4, and 2.8.x prior to 2.8.3, when certain Cyrus SASL authentication methods are enabled, does not create a new server handle after client authentication fails, which allows remote malicious user...
Postfix Postfix 2.3.16
Postfix Postfix 2.3.18
Postfix Postfix 2.0.10
Postfix Postfix 2.4.10
Postfix Postfix 2.5.0
Postfix Postfix 2.4
Postfix Postfix 2.3.11
Postfix Postfix 2.0.14
Postfix Postfix 2.0.17
Postfix Postfix 2.2.7
Postfix Postfix 2.0.16
Postfix Postfix 2.3.6
Postfix Postfix 2.1.5
Postfix Postfix 2.5.9
Postfix Postfix 2.3.0
Postfix Postfix 2.0.6
Postfix Postfix 2.2.4
Postfix Postfix 2.0.15
Postfix Postfix 2.5.2
Postfix Postfix 2.4.15
Postfix Postfix 2.5.12
Postfix Postfix 2.4.0
2 Nmap scripts
1 Github repository
CVSSv2: 5
CVE-2013-7177
config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban prior to 0.8.11 allows remote malicious users to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an improperly designed regular expression.
Fail2ban Fail2ban 0.8.7.1
Fail2ban Fail2ban 0.8.7
Fail2ban Fail2ban 0.7.9
Fail2ban Fail2ban 0.7.8
Fail2ban Fail2ban 0.7.1
Fail2ban Fail2ban 0.7.0
Fail2ban Fail2ban 0.5.1
Fail2ban Fail2ban 0.5.0
Fail2ban Fail2ban
Fail2ban Fail2ban 0.8.9
Fail2ban Fail2ban 0.8.8
Fail2ban Fail2ban 0.8.2
Fail2ban Fail2ban 0.8.1
Fail2ban Fail2ban 0.8.0
Fail2ban Fail2ban 0.7.3
Fail2ban Fail2ban 0.7.2
Fail2ban Fail2ban 0.5.3
Fail2ban Fail2ban 0.5.2
Fail2ban Fail2ban 0.1.1
Fail2ban Fail2ban 0.1.0
Fail2ban Fail2ban 0.8.4
Fail2ban Fail2ban 0.8.3
CVSSv2: 4.6
CVE-2004-1089
Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using Kerberos authentication and Cyrus IMAP, allows local users to access mailboxes of other users.
Apple Darwin Streaming Server 5.0.1
Apple Quicktime Streaming Server 4.1.1
Apple Darwin Streaming Server 4.1.3
Apple Mac Os X 10.2
Apple Mac Os X 10.2.8
Apple Mac Os X 10.3
Apple Mac Os X Server 10.2
Apple Mac Os X Server 10.2.1
Apple Mac Os X Server 10.2.8
Apple Mac Os X Server 10.3
Apple Mac Os X 10.2.6
Apple Mac Os X 10.2.7
Apple Mac Os X 10.3.5
Apple Mac Os X 10.3.6
Apple Mac Os X Server 10.2.6
Apple Mac Os X Server 10.2.7
Apple Mac Os X Server 10.3.6
Apple Mac Os X 10.2.3
Apple Mac Os X 10.2.4
Apple Mac Os X 10.2.5
Apple Mac Os X 10.3.3
Apple Mac Os X 10.3.4