Cyrusimap
cyrusimap
5 CVEs • 2 products
Products (2)
Click to collapseToggle
Products (2)
Click to collapse
CVEs (5)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command. |
5Cyrusimap DebianFedoraproject+2 more8Active Iq Unified Manager Communications Cloud Native Core ConsoleCommunications Cloud Native Core Network Function Cloud Native Environment+5 moreNov 21, 2024 Feb 24, 2022 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. |
7Apache AppleCanonical+4 more19Bookkeeper Cyrus SaslDebian Linux+16 moreNov 21, 2024 Dec 19, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. The OpenLDAP crash is ultimately caused by an off-by-one error in...Show more |
2Cyrusimap Fedoraproject2Cyrus Imap FedoraMay 13, 2026 Aug 22, 2017 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command. |
2Apple Cyrusimap3Cyrus Sasl Mac Os XMac Os X ServerApr 16, 2026 Dec 18, 2002 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) charact...Show more |