rpm package
suse/cyrus-imapd&distro=SUSE Linux Enterprise Server 12 SP1
pkg:rpm/suse/cyrus-imapd&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-8079 | Med | 5.3 | < 2.3.18-40.1 | 2.3.18-40.1 | Sep 7, 2017 | qt5-qtwebkit before 5.4 records private browsing URLs to its favicon database, WebpageIcons.db. | |
| CVE-2016-6354 | Cri | 9.8 | < 2.3.18-40.1 | 2.3.18-40.1 | Sep 21, 2016 | Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read. | |
| CVE-2015-8078 | — | < 2.3.18-37.1 | 2.3.18-37.1 | Dec 3, 2015 | Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an | ||
| CVE-2015-8077 | — | < 2.3.18-37.1 | 2.3.18-37.1 | Dec 3, 2015 | Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an inc | ||
| CVE-2015-8076 | — | < 2.3.18-37.1 | 2.3.18-37.1 | Dec 3, 2015 | The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of- | ||
| CVE-2014-3566 | Low | 3.4 | < 2.3.18-37.1 | 2.3.18-37.1 | Oct 15, 2014 | The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. |
- affected < 2.3.18-40.1fixed 2.3.18-40.1
qt5-qtwebkit before 5.4 records private browsing URLs to its favicon database, WebpageIcons.db.
- affected < 2.3.18-40.1fixed 2.3.18-40.1
Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.
- CVE-2015-8078Dec 3, 2015affected < 2.3.18-37.1fixed 2.3.18-37.1
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an
- CVE-2015-8077Dec 3, 2015affected < 2.3.18-37.1fixed 2.3.18-37.1
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an inc
- CVE-2015-8076Dec 3, 2015affected < 2.3.18-37.1fixed 2.3.18-37.1
The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an out-of-
- affected < 2.3.18-37.1fixed 2.3.18-37.1
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.