Vulnerabilities > CMU > Cyrus Imap Server > 2.4.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2011-09-14 | CVE-2011-3481 | Unspecified vulnerability in CMU Cyrus Imap Server The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message. network cmu | 4.3 |
2011-09-14 | CVE-2011-3208 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in CMU Cyrus Imap Server Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command. | 7.5 |
2011-05-23 | CVE-2011-1926 | Permissions, Privileges, and Access Controls vulnerability in CMU Cyrus Imap Server The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411. | 5.1 |