Vulnerabilities > Cyrus > Sasl > 2.1.16
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-01-27 | CVE-2004-0884 | Remote And Local vulnerability in Cyrus SASL The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and earlier trust the SASL_PATH environment variable to find all available SASL plug-ins, which allows local users to execute arbitrary code by modifying the SASL_PATH to point to malicious programs. | 7.2 |
| 2004-10-07 | CVE-2005-0373 | Remote And Local vulnerability in Cyrus SASL Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code. | 7.5 |