Carnegie Mellon University Cyrus Imap Server 2.3.14
Approved changes feed: RSS · Atom
cpe:2.3:a:cmu:cyrus_imap_server:2.3.14:*:*:*:*:*:*:*
part: a version: 2.3.14 update: *
| Vendor | Cmu (d8fc24cc-efa9-507c-a308-194264732bb6) |
|---|---|
| Product | Cyrus Imap Server (8bb12f5d-b21e-5550-9e7c-70de034c08e4) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:deb/debian/cyrus-imapd |
purl2cpe | 2026-06-01 10:11:52.324752 |
pkg:deb/ubuntu/cyrus-imapd |
purl2cpe | 2026-06-01 10:11:52.324753 |
pkg:github/cyrusimap/cyrus-imapd |
purl2cpe | 2026-06-01 10:11:52.324754 |
pkg:gitlab/redhat/cyrus-imapd |
purl2cpe | 2026-06-01 10:11:52.324756 |
pkg:rpm/centos/cyrus-imapd |
purl2cpe | 2026-06-01 10:11:52.324757 |
pkg:rpm/fedora/cyrus-imapd |
purl2cpe | 2026-06-01 10:11:52.324758 |
pkg:rpm/opensuse/cyrus-imapd |
purl2cpe | 2026-06-01 10:11:52.324760 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2011-3481 |
vulnerable | 2026-06-08 04:59:25.689205 |
Details available
The index_get_ids function in index.c in imapd in Cyrus IMAP Server before 2.4.11, when server-side threading is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted References header in an e-mail message.
Published: 2011-09-14T17:00:00.000Z
Updated: 2024-08-06T23:37:47.758Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2011-3208 |
vulnerable | 2026-06-08 04:58:11.154757 |
Details available
Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command.
Published: 2011-09-14T17:00:00.000Z
Updated: 2024-08-06T23:29:56.064Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2011-1926 |
vulnerable | 2026-06-08 04:58:02.975171 |
Details available
The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not properly restrict I/O buffering, which allows man-in-the-middle attackers to insert commands into encrypted sessions by sending a cleartext command that is processed after TLS is in place, related to a "plaintext command injection" attack, a similar issue to CVE-2011-0411.
Published: 2011-05-23T22:00:00.000Z
Updated: 2024-08-06T22:46:00.659Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2009-2632 |
vulnerable | 2026-06-08 04:51:29.504543 |
Details available
Buffer overflow in the SIEVE script component (sieve/script.c), as used in cyrus-imapd in Cyrus IMAP Server 2.2.13 and 2.3.14, and Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, allows local users to execute arbitrary code and read or modify arbitrary messages via a crafted SIEVE script, related to the incorrect use of the sizeof operator for determining buffer length, combined with an integer signedness error.
Published: 2009-09-08T23:00:00.000Z
Updated: 2024-08-07T05:59:56.175Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.