rpm package
opensuse/cyrus-imapd&distro=openSUSE Leap 16.0
pkg:rpm/opensuse/cyrus-imapd&distro=openSUSE%20Leap%2016.0
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-49812 | — | | | < 3.8.6-bp160.1.1 | 3.8.6-bp160.1.1 | Jul 10, 2025 | In some mod_ssl configurations on Apache HTTP Server versions through to 2.4.63, an HTTP desynchronisation attack allows a man-in-the-middle attacker to hijack an HTTP session via a TLS upgrade. Only configurations using "SSLEngine optional" to enable TLS upgrades are affected. |
| CVE-2025-23394 | Cri | 9.8 | | < 3.8.6-bp160.1.1 | 3.8.6-bp160.1.1 | May 26, 2025 | A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root. This issue affects openSUSE Tumbleweed cyrus-imapd before 3.8.4-2.1. |