Vulnerabilities > Cyrus > Imap > 2.3.10
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-01 | CVE-2021-33582 | Algorithmic Complexity vulnerability in multiple products Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. | 7.5 |
2021-05-10 | CVE-2021-32056 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall. | 4.3 |
2017-09-10 | CVE-2017-14230 | Improper Input Validation vulnerability in Cyrus Imap In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command. | 6.4 |
2015-12-03 | CVE-2015-8076 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read. | 7.5 |