Vulnerabilities > Cyrus > Imap > 2.5.15
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-09-01 | CVE-2021-33582 | Algorithmic Complexity vulnerability in multiple products Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. | 7.5 |
| 2021-05-10 | CVE-2021-32056 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall. | 4.3 |
| 2017-09-10 | CVE-2017-14230 | Improper Input Validation vulnerability in Cyrus Imap In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LIST "" "Other Users"' command. | 6.4 |