Vulnerabilities > CMU > Cyrus Imap Server > 2.4.0

DATE CVE VULNERABILITY TITLE RISK
2011-09-14 CVE-2011-3481 Unspecified vulnerability in CMU Cyrus Imap Server
The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
network
cmu
4.3
2011-09-14 CVE-2011-3208 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in CMU Cyrus Imap Server
Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command.
network
low complexity
cmu CWE-119
7.5
2011-05-23 CVE-2011-1926 Permissions, Privileges, and Access Controls vulnerability in CMU Cyrus Imap Server
The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
network
high complexity
cmu CWE-264
5.1