Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cyrus vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2002-2253
Multiple buffer overflows in Cyrus Sieve / libSieve 2.1.2 and previous versions allow remote malicious users to execute arbitrary code via (1) a long header name, (2) a long IMAP flag, or (3) a script that generates a large number of errors that overflow the resulting error strin...
Cyrus Libsieve
7.5
CVSSv2
CVE-2011-3372
imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x prior to 2.4.12 allows remote malicious users to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
Cyrus Imapd
6.4
CVSSv2
CVE-2017-14230
In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP prior to 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote malicious users to obtain sensitive information or cause a denial of servi...
Cyrus Imap
6.9
CVSSv2
CVE-2020-8032
A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local malicious users to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions.
Opensuse Cyrus-sasl
5.1
CVSSv2
CVE-2006-2502
Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote malicious users to execute arbitrary code via a long USER command.
Cyrus Imapd 2.3.2
3 EDB exploits
4.6
CVSSv2
CVE-2000-0956
cyrus-sasl prior to 1.5.24 in Red Hat Linux 7.0 does not properly verify the authorization for a local user, which could allow the users to bypass specified access restrictions.
Carnegie Mellon University Cyrus-sasl 1.5.24
4
CVSSv2
CVE-2017-12843
Cyrus IMAP prior to 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command.
Cyrusimap Cyrus Imap
Fedoraproject Fedora 26
4
CVSSv2
CVE-2021-32056
Cyrus IMAP prior to 3.2.7, and 3.3.x and 3.4.x prior to 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.
Cyrus Imap
Fedoraproject Fedora 34
Fedoraproject Fedora 35
7.5
CVSSv2
CVE-2019-18928
Cyrus IMAP 2.5.x prior to 2.5.14 and 3.x prior to 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.
Cyrus Imap
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Debian Debian Linux 9.0
5
CVSSv2
CVE-2021-33582
Cyrus IMAP prior to 3.4.2 allows remote malicious users to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2....
Cyrus Imap
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Debian Debian Linux 9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »