Vendor CVEs
Carnegie Mellon University
All CVEs
28 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-1347 | Cri | 0.64 | 9.8 | 0.07 | Dec 18, 2002 | Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication… | ||
| CVE-2026-35467 | Hig | 0.42 | 7.5 | 0.00 | Apr 2, 2026 | The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials. | ||
| CVE-2017-12843 | Med | 0.42 | 6.5 | 0.01 | Aug 22, 2017 | Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command. | ||
| CVE-2026-35466 | Med | 0.33 | 6.1 | 0.00 | Apr 2, 2026 | XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as cveInterface trusts input from CVE API services | ||
| CVE-2002-1580 | 0.04 | — | 0.17 | Jun 14, 2004 | Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347. | |||
| CVE-2009-0688 | 0.01 | — | 0.08 | May 15, 2009 | Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c. | |||
| CVE-2022-24407 | 0.00 | — | 0.04 | Feb 23, 2022 | In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement. | |||
| CVE-2020-8032 | 0.00 | — | 0.00 | Feb 25, 2021 | A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions. | |||
| CVE-2018-17161 | 0.00 | — | 0.04 | Jan 3, 2019 | In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r342228), and 12.0-RELEASE-p1, insufficient validation of network-provided data in bootpd may make it possible for a malicious attacker to craft a bootp packet which could cause a stack buffer overflow. It is… | |||
| CVE-2014-7723 | 0.00 | — | 0.00 | Oct 21, 2014 | The Carnegie Mellon Silicon Valley (aka edu.cmu.sv.mobile) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||
| CVE-2014-0027 | 0.00 | — | 0.00 | Jan 26, 2014 | The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information. | |||
| CVE-2013-4122 | 0.00 | — | 0.04 | Oct 27, 2013 | Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid… | |||
| CVE-2011-3481 | 0.00 | — | 0.02 | Sep 14, 2011 | The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message. | |||
| CVE-2011-3208 | 0.00 | — | 0.05 | Sep 14, 2011 | Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command. | |||
| CVE-2011-1926 | 0.00 | — | 0.04 | May 23, 2011 | The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a… | |||
| CVE-2009-2632 | 0.00 | — | 0.00 | Sep 8, 2009 | Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted… | |||
| CVE-2009-0663 | 0.00 | — | 0.04 | Apr 30, 2009 | Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows. | |||
| CVE-2006-1721 | 0.00 | — | 0.02 | Apr 11, 2006 | digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation. | |||
| CVE-2006-0250 | 0.00 | — | 0.03 | Jan 18, 2006 | Format string vulnerability in the snmp_input function in snmptrapd in CMU SNMP utilities (cmu-snmp) allows remote attackers to execute arbitrary code by sending crafted SNMP messages to UDP port 162. | |||
| CVE-2004-1013 | 0.00 | — | 0.06 | Jan 10, 2005 | The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an… | |||
| CVE-2004-1067 | 0.00 | — | 0.05 | Jan 10, 2005 | Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username. | |||
| CVE-2004-1011 | 0.00 | — | 0.06 | Jan 10, 2005 | Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015. | |||
| CVE-2004-1015 | 0.00 | — | 0.05 | Jan 10, 2005 | Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011. | |||
| CVE-2004-1012 | 0.00 | — | 0.06 | Jan 10, 2005 | The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to… | |||
| CVE-2001-1154 | 0.00 | — | 0.02 | Aug 30, 2001 | Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients. | |||
| CVE-2000-0956 | 0.00 | — | 0.00 | Dec 19, 2000 | cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify the authorization for a local user, which could allow the users to bypass specified access restrictions. | |||
| CVE-1999-0798 | 0.00 | — | 0.02 | Dec 4, 1998 | Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type. | |||
| CVE-1999-0799 | 0.00 | — | 0.02 | Jun 1, 1997 | Buffer overflow in bootpd 2.4.3 and earlier via a long boot file location. |
- risk 0.64cvss 9.8epss 0.07
Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication…
- risk 0.42cvss 7.5epss 0.00
The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials.
- risk 0.42cvss 6.5epss 0.01
Cyrus IMAP before 3.0.3 allows remote authenticated users to write to arbitrary files via a crafted (1) SYNCAPPLY, (2) SYNCGET or (3) SYNCRESTORE command.
- risk 0.33cvss 6.1epss 0.00
XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as cveInterface trusts input from CVE API services
- CVE-2002-1580Jun 14, 2004risk 0.04cvss —epss 0.17
Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347.
- CVE-2009-0688May 15, 2009risk 0.01cvss —epss 0.08
Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c.
- CVE-2022-24407Feb 23, 2022risk 0.00cvss —epss 0.04
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
- CVE-2020-8032Feb 25, 2021risk 0.00cvss —epss 0.00
A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions.
- CVE-2018-17161Jan 3, 2019risk 0.00cvss —epss 0.04
In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r342228), and 12.0-RELEASE-p1, insufficient validation of network-provided data in bootpd may make it possible for a malicious attacker to craft a bootp packet which could cause a stack buffer overflow. It is…
- CVE-2014-7723Oct 21, 2014risk 0.00cvss —epss 0.00
The Carnegie Mellon Silicon Valley (aka edu.cmu.sv.mobile) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
- CVE-2014-0027Jan 26, 2014risk 0.00cvss —epss 0.00
The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information.
- CVE-2013-4122Oct 27, 2013risk 0.00cvss —epss 0.04
Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid…
- CVE-2011-3481Sep 14, 2011risk 0.00cvss —epss 0.02
The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
- CVE-2011-3208Sep 14, 2011risk 0.00cvss —epss 0.05
Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command.
- CVE-2011-1926May 23, 2011risk 0.00cvss —epss 0.04
The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a…
- CVE-2009-2632Sep 8, 2009risk 0.00cvss —epss 0.00
Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted…
- CVE-2009-0663Apr 30, 2009risk 0.00cvss —epss 0.04
Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows.
- CVE-2006-1721Apr 11, 2006risk 0.00cvss —epss 0.02
digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.
- CVE-2006-0250Jan 18, 2006risk 0.00cvss —epss 0.03
Format string vulnerability in the snmp_input function in snmptrapd in CMU SNMP utilities (cmu-snmp) allows remote attackers to execute arbitrary code by sending crafted SNMP messages to UDP port 162.
- CVE-2004-1013Jan 10, 2005risk 0.00cvss —epss 0.06
The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an…
- CVE-2004-1067Jan 10, 2005risk 0.00cvss —epss 0.05
Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username.
- CVE-2004-1011Jan 10, 2005risk 0.00cvss —epss 0.06
Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.
- CVE-2004-1015Jan 10, 2005risk 0.00cvss —epss 0.05
Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011.
- CVE-2004-1012Jan 10, 2005risk 0.00cvss —epss 0.06
The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to…
- CVE-2001-1154Aug 30, 2001risk 0.00cvss —epss 0.02
Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients.
- CVE-2000-0956Dec 19, 2000risk 0.00cvss —epss 0.00
cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify the authorization for a local user, which could allow the users to bypass specified access restrictions.
- CVE-1999-0798Dec 4, 1998risk 0.00cvss —epss 0.02
Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.
- CVE-1999-0799Jun 1, 1997risk 0.00cvss —epss 0.02
Buffer overflow in bootpd 2.4.3 and earlier via a long boot file location.