threat
engine
.sh
Back
·
··:··
Home
/
Product
/
cyrus imap
Product
cyrus imap
17 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2021-33582
< 3.0.16
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is misha
7.5
HIGH
CVE-2021-32056
< 3.2.7
Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restriction
4.3
MEDIUM
CVE-2019-19783
>= 2.5.0 and < 2.5.15
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is al
6.5
MEDIUM
CVE-2019-18928
>= 2.5.0 and < 2.5.14
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the
9.8
CRITICAL
CVE-2019-11356
>= 2.5.0 and <= 2.5.12
The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrar
9.8
CRITICAL
CVE-2017-14230
<= 3.0.3
In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the
9.1
CRITICAL
CVE-2015-8078
all versions
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to
CVE-2015-8077
all versions
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to
CVE-2015-8076
all versions
The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote at
CVE-2008-5514
<= 2007d
Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client lib
CVE-2003-0297
all versions
c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (cras
CVE-2000-1197
all versions
POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and other operating systems creates lock files with predictable nam
CVE-2000-0847
all versions
Buffer overflow in University of Washington c-client library (used by pine and other programs) allows remote attackers to execute
CVE-2000-0284
all versions
Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or ot
CVE-1999-0920
all versions
Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command.
CVE-1999-0005
all versions
Arbitrary command execution via IMAP buffer overflow in authenticate command.
CVE-1999-0042
all versions
Buffer overflow in University of Washington's implementation of IMAP and POP servers.
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin