493 matches found
EUVD-2026-45009
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. GENURLAUTH-issued tokens can bypass ACLs. Any authenticated user could mint a URLAUTH token via the GENURLAUTH command for any mailbox they could name, even without read access on it. This would allow reading mail from mailboxes...
CVE-2026-47081
Cyrus IMAP (cyrus-imapd) up to version 3.12.2 is affected by a XAPPLEPUSHSERVICE folder existence oracle that lets an authenticated IMAP user probe for the existence of arbitrary mailboxes on other users and push notifications for new mail to their own APNS device. This does not expose mailbox co...
Security update for cyrus-imapd (important)
openSUSE security update: security update for cyrus-imapd ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20962-1 Rating: important References: bsc1241536 bsc1241543 bsc1246165 bsc1251788 Cross-References: CVE-2025-23394 CVE-2025-49812 CVSS scores:...
Security update for cyrus-imapd (important)
openSUSE Security Update: Security update for cyrus-imapd Announcement ID: openSUSE-SU-2026:0204-1 Rating: important References: 1241536 1241543 1246165 1251788 Cross-References: CVE-2025-23394 CVE-2025-49812 CVSS scores: CVE-2025-49812 SUSE: 8.3...
OPENSUSE-SU-2026:20962-1 Security update for cyrus-imapd
This update for cyrus-imapd fixes the following issues: Changes in cyrus-imapd: - cyrus-imapd don't start because of missing "Requires=var-run.mount" from systemd bsc1251788 Remove var-run.mount from Requires and After - update to version 3.8.6 bugfix release VUL-0: CVE-2025-49812: cyrus-imapd:...
CLSA-2026-1779119949 cyrus-imapd: Fix of CVE-2024-34055
fix CVE-2024-34055: denial of service via memory exhaustion using oversized IMAP literals and command arguments - disable cassandane test runner on x8664 and aarch64 due to multiple unrelated mock-environment issues imaptest binary SIGSEGV, slow file I/O, alarm scheduling races; cunit which...
CLSA-2026-1777279920 cyrus-imapd: Fix of CVE-2021-33582
Fix CVE-2021-33582 - Denial of service via string hashing algorithm collisions...
MiracleLinux 8 : cyrus-imapd-3.0.7-19.el8 (AXSA:2021-1276:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1276:01 advisory. cyrus-imapd: privilege escalation in HTTP request CVE-2019-18928 cyrus-imapd: lmtpd component created mailboxes with administrator privileges if the...
MiracleLinux 9 : cyrus-imapd-3.4.8-1.el9 (AXSA:2024-9200:03)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9200:03 advisory. cyrus-imapd: unbounded memory allocation by sending many LITERALs in a single command CVE-2024-34055 Tenable has extracted the preceding description block...
MiracleLinux 8 : cyrus-imapd-3.0.7-20.el8.1 (AXSA:2021-2426:03)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2426:03 advisory. cyrus-imapd: Denial of service via string hashing algorithm collisions CVE-2021-33582 Tenable has extracted the preceding description block directly from the...
MiracleLinux 3 : cyrus-imapd-2.3.7-7AXS3.3 (AXSA:2009-400:02)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-400:02 advisory. The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large...
EUVD-2005-0547
Malware in sbrugna...
EUVD-2011-3336
Malware in sbrugna...
EUVD-2025-27710
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-23394
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A UNIX Symbolic Link Symlink Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.This issue affects openSUSE...
CVE-2025-23394
A UNIX Symbolic Link Symlink Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.This issue affects openSUSE Tumbleweed cyrus-imapd before 3.8.4-2.1...
UBUNTU-CVE-2025-23394
A UNIX Symbolic Link Symlink Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.This issue affects openSUSE Tumbleweed cyrus-imapd before 3.8.4-2.1...
CVE-2025-23394 daily-backup.sh script in cyrus-imapd allows escalation from cyrus to root
A UNIX Symbolic Link Symlink Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.This issue affects openSUSE Tumbleweed cyrus-imapd before 3.8.4-2.1...
CVE-2025-23394
Summary (CVE-2025-23394) : A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed’s Cyrus IMAPd allows escalation from user cyrus to root. Affected: openSUSE Tumbleweed, cyrus-imapd before 3.8.4-2.1. Root cause: symlink following flaw enabling privilege escalation. Impact: ...
CVE-2025-23394 daily-backup.sh script in cyrus-imapd allows escalation from cyrus to root
A UNIX Symbolic Link Symlink Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.This issue affects openSUSE Tumbleweed cyrus-imapd before 3.8.4-2.1...