Vulnerabilities > Cyrus > High

DATE CVE VULNERABILITY TITLE RISK
2021-09-01 CVE-2021-33582 Algorithmic Complexity vulnerability in multiple products
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction.
network
low complexity
cyrus fedoraproject debian CWE-407
7.5
7.5
2015-12-03 CVE-2015-8076 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-bounds heap read.
network
low complexity
opensuse cyrus CWE-119
7.5
7.5
2011-12-24 CVE-2011-3372 Improper Authentication vulnerability in Cyrus Imapd
imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
network
low complexity
cyrus CWE-287
7.5
7.5
2005-05-02 CVE-2005-0546 Remote Buffer Overflow vulnerability in Cyrus IMAPD
Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.
network
low complexity
cyrus
7.5
7.5
2005-01-27 CVE-2004-0884 Remote And Local vulnerability in Cyrus SASL
The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs.
local
low complexity
cyrus conectiva
7.2
7.2
2004-10-07 CVE-2005-0373 Remote And Local vulnerability in Cyrus SASL
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
network
low complexity
cyrus openpkg suse conectiva apple redhat
7.5
7.5
2002-12-31 CVE-2002-2043 Authentication Patch SQL Command Execution vulnerability in Cyrus SASL LDAP+MySQL
SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password.
network
low complexity
cyrus
7.5
7.5