Carnegie Mellon University Cyrus Imap Server vulnerabilities

7 known vulnerabilities affecting carnegie_mellon_university/cyrus_imap_server.

Total CVEs: 7
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 1, MEDIUM 1

Vulnerabilities

CVE-2004-1067 | CRITICAL | CVSS 10.0 | v1.4, v1.5.19, +16 more | 2005-01-10
Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username.
nvd
CVE-2004-1012 | CRITICAL | CVSS 10.0 | v2.1.7, v2.1.9, +11 more | 2005-01-10
The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.
nvd
CVE-2004-1015 | CRITICAL | CVSS 10.0 | v1.4, v1.5.19, +16 more | 2005-01-10
Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011.
nvd
CVE-2004-1013 | CRITICAL | CVSS 10.0 | v2.1.7, v2.1.9, +11 more | 2005-01-10
The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption.
nvd
CVE-2004-1011 | CRITICAL | CVSS 10.0 | v2.1.7, v2.1.9, +11 more | 2005-01-10
Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.
nvd
CVE-2002-1580 | HIGH | CVSS 7.5 | PoC | v1.4, v1.5.19, +4 more | 2004-06-14
Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347.
nvd
CVE-2001-1154 | MEDIUM | CVSS 5.0 | v1.6.24, v2.0.15, +1 more | 2001-08-30
Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients.
nvd