VYPR

IMAP

by Cyrus

Source repositories

CVEs (10)

  • CVE-2017-14230CriSep 10, 2017
    risk 0.59cvss 9.1epss 0.02

    In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service…

  • CVE-2017-12843MedAug 22, 2017
    risk 0.42cvss 6.5epss 0.01

    Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command.

  • CVE-2006-2502May 22, 2006
    risk 0.07cvss epss 0.53

    Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.

  • CVE-2024-34055Jun 5, 2024
    risk 0.00cvss epss 0.01

    Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command.

  • CVE-2015-8078Dec 3, 2015
    risk 0.00cvss epss 0.03

    Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an…

  • CVE-2015-8077Dec 3, 2015
    risk 0.00cvss epss 0.03

    Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an…

  • CVE-2015-8076Dec 3, 2015
    risk 0.00cvss epss 0.03

    The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified other impact via vectors related to the urlfetch range, which triggers an…

  • CVE-2011-3372Dec 24, 2011
    risk 0.00cvss epss 0.03

    imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.

  • CVE-2005-0546May 2, 2005
    risk 0.00cvss epss 0.04

    Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a…

  • CVE-2001-1154Aug 30, 2001
    risk 0.00cvss epss 0.02

    Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients.