Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cyrus vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-34055
Cyrus IMAP prior to 3.8.3 and 3.10.x prior to 3.10.0-rc1 allows authenticated malicious users to cause unbounded memory allocation by sending many LITERALs in a single command.
8.8
CVSSv3
CVE-2022-24407
In Cyrus SASL 2.1.17 up to and including 2.1.27 prior to 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
Cyrusimap Cyrus-sasl
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Debian Debian Linux 11.0
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Netapp Ontap Select Deploy Administration Utility -
Netapp Active Iq Unified Manager -
Oracle Communications Cloud Native Core Security Edge Protection Proxy 22.1.1
Oracle Communications Cloud Native Core Console 22.2.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 22.2.0
7.5
CVSSv3
CVE-2021-33582
Cyrus IMAP prior to 3.4.2 allows remote malicious users to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2....
Cyrus Imap
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
4.3
CVSSv3
CVE-2021-32056
Cyrus IMAP prior to 3.2.7, and 3.3.x and 3.4.x prior to 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.
Cyrus Imap
Fedoraproject Fedora 34
Fedoraproject Fedora 35
7
CVSSv3
CVE-2020-8032
A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local malicious users to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions.
Opensuse Cyrus-sasl
7.5
CVSSv3
CVE-2019-19906
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in _sasl_add_string in common.c in cyrus-sasl.
Cyrusimap Cyrus-sasl
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 14.04
Canonical Ubuntu Linux 19.10
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 12.04
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Jboss Enterprise Web Server 2.0.0
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux 8.0
Apple Mac Os X 10.14.6
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
Redhat Enterprise Linux Server Update Services For Sap Solutions 8.4
Redhat Enterprise Linux For Power Little Endian 8.0
6.5
CVSSv3
CVE-2019-19783
An issue exists in Cyrus IMAP prior to 2.5.15, 3.0.x prior to 3.0.13, and 3.1.x up to and including 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containin...
Cyrus Imap
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Canonical Ubuntu Linux 18.04
9.8
CVSSv3
CVE-2019-18928
Cyrus IMAP 2.5.x prior to 2.5.14 and 3.x prior to 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.
Cyrus Imap
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 9.0
9.8
CVSSv3
CVE-2019-11356
The CalDAV feature in httpd in Cyrus IMAP 2.5.x up to and including 2.5.12 and 3.0.x up to and including 3.0.9 allows remote malicious users to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.
Cyrus Imap
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Debian Debian Linux 9.0
Canonical Ubuntu Linux 18.04
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux Eus 8.1
Redhat Enterprise Linux Eus 8.2
Redhat Enterprise Linux Server Tus 8.2
Redhat Enterprise Linux Server Aus 8.2
Redhat Enterprise Linux Server Tus 8.4
Redhat Enterprise Linux Eus 8.4
Redhat Enterprise Linux Server Aus 8.4
9.1
CVSSv3
CVE-2017-14230
In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP prior to 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote malicious users to obtain sensitive information or cause a denial of servi...
Cyrus Imap
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »