Debian Cyrus-Imapd vulnerabilities
9 known vulnerabilities affecting debian/cyrus-imapd.
Total CVEs: 9
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 1, MEDIUM 3
Vulnerabilities
CVE-2002-1580: P3, CRITICAL, CVSS 9.8, PoC, fixed in cyrus-imapd 1.5.19-9.10 (bookworm), 2002
Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347.
Scope: local
bookworm: resolved (fixed in 1.5.19-9.10)
bullseye: resolved (fixed in 1.5.19-9.10)
forky: resolved (fixed in 1.5.19

CVE-2019-11356: P2, CRITICAL, CVSS 9.8, fixed in cyrus-imapd 3.0.8-6 (bookworm), 2019
The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.
Scope: local
bookworm: resolved (fixed in 3.0.8-6)
bullseye: resolved (fixed in 3.0.8-6)
forky: resolved (fixed in 3.0.8-6)
sid: resolved (f

CVE-2019-18928: P3, CRITICAL, CVSS 9.8, fixed in cyrus-imapd 3.0.12-1 (bookworm), 2019
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.
Scope: local
bookworm: resolved (fixed in 3.0.12-1)
bullseye: resolved (fixed in 3.0.12-1)
forky: resolved (fixed in 3.0.12-1)
sid: re

CVE-2004-1012: P3, CRITICAL, CVSS 10.0, fixed in cyrus-imapd 1.5.19-20 (bookworm), 2004
The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.
Scope: local
bookworm: resolved (fixed in 1.5.19

CVE-2004-1013: P3, CRITICAL, CVSS 10.0, fixed in cyrus-imapd 1.5.19-20 (bookworm), 2004
The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption.
Scope: local
bookworm: resolved (fixed in 1.5.19-20)
bul

CVE-2021-33582: P3, HIGH, CVSS 7.5, fixed in cyrus-imapd 3.4.2-1 (bookworm), 2021
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16.
Scope: local
bookworm: resolved (fixed in 3.4.2-1)
bullseye: resolved (fixed

CVE-2019-19783: P3, MEDIUM, CVSS 6.5, fixed in cyrus-imapd 3.0.13-1 (bookworm), 2019
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed (3.x) or certain non-default sieve options are enabled (2.x), a user with a mail account on the service can use a sieve script containing a fileinto directive to create any mailbox with administrator privileges, because of fol

CVE-2024-34055: P4, MEDIUM, CVSS 6.5, fixed in cyrus-imapd 3.6.1-4+deb12u2 (bookworm), 2024
Cyrus IMAP before 3.8.3 and 3.10.x before 3.10.0-rc1 allows authenticated attackers to cause unbounded memory allocation by sending many LITERALs in a single command.
Scope: local
bookworm: resolved (fixed in 3.6.1-4+deb12u2)
bullseye: open
forky: resolved (fixed in 3.8.3-1)
sid: resolved (fixed in 3.8.3-1)
trixie: resolved (fixed in 3.8.3-1)

CVE-2021-32056: P4, MEDIUM, CVSS 4.3, fixed in cyrus-imapd 3.2.6-2 (bookworm), 2021
Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall.
Scope: local
bookworm: resolved (fixed in 3.2.6-2)
bullseye: resolved (fixed in 3.2.6-2)
forky: resolved (fixed in 3.2.6-2)
sid: resolved (fixed in 3.2.6-2)
trixie