Lucene search
+L

493 matches found

euvd
euvd
added yesterday5 views

EUVD-2026-45009

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. GENURLAUTH-issued tokens can bypass ACLs. Any authenticated user could mint a URLAUTH token via the GENURLAUTH command for any mailbox they could name, even without read access on it. This would allow reading mail from mailboxes...

3.5CVSS6.1AI score
Exploits0References3
cve
cve
added yesterday5 views

CVE-2026-47081

Cyrus IMAP (cyrus-imapd) up to version 3.12.2 is affected by a XAPPLEPUSHSERVICE folder existence oracle that lets an authenticated IMAP user probe for the existence of arbitrary mailboxes on other users and push notifications for new mail to their own APNS device. This does not expose mailbox co...

3.1CVSS6.2AI score
Exploits0References2
opensuse
opensuse
added 2026/06/15 12:0 a.m.6 views

Security update for cyrus-imapd (important)

openSUSE security update: security update for cyrus-imapd ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20962-1 Rating: important References: bsc1241536 bsc1241543 bsc1246165 bsc1251788 Cross-References: CVE-2025-23394 CVE-2025-49812 CVSS scores:...

8.3CVSS7.2AI score0.00516EPSS
Exploits0References4
opensuse
opensuse
added 2026/06/15 12:0 a.m.9 views

Security update for cyrus-imapd (important)

openSUSE Security Update: Security update for cyrus-imapd Announcement ID: openSUSE-SU-2026:0204-1 Rating: important References: 1241536 1241543 1246165 1251788 Cross-References: CVE-2025-23394 CVE-2025-49812 CVSS scores: CVE-2025-49812 SUSE: 8.3...

8.3CVSS5.5AI score0.00516EPSS
Exploits0References4
osv
osv
added 2026/06/12 6:46 p.m.5 views

OPENSUSE-SU-2026:20962-1 Security update for cyrus-imapd

This update for cyrus-imapd fixes the following issues: Changes in cyrus-imapd: - cyrus-imapd don't start because of missing "Requires=var-run.mount" from systemd bsc1251788 Remove var-run.mount from Requires and After - update to version 3.8.6 bugfix release VUL-0: CVE-2025-49812: cyrus-imapd:...

9.8CVSS7.2AI score0.00516EPSS
Exploits0References6
osv
osv
added 2026/05/19 12:34 a.m.35 views

CLSA-2026-1779119949 cyrus-imapd: Fix of CVE-2024-34055

fix CVE-2024-34055: denial of service via memory exhaustion using oversized IMAP literals and command arguments - disable cassandane test runner on x8664 and aarch64 due to multiple unrelated mock-environment issues imaptest binary SIGSEGV, slow file I/O, alarm scheduling races; cunit which...

6.5CVSS6.6AI score0.00836EPSS
Exploits0References1
osv
osv
added 2026/04/27 8:52 a.m.27 views

CLSA-2026-1777279920 cyrus-imapd: Fix of CVE-2021-33582

Fix CVE-2021-33582 - Denial of service via string hashing algorithm collisions...

7.5CVSS5.8AI score0.0307EPSS
Exploits0References1
nessus
nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 8 : cyrus-imapd-3.0.7-19.el8 (AXSA:2021-1276:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1276:01 advisory. cyrus-imapd: privilege escalation in HTTP request CVE-2019-18928 cyrus-imapd: lmtpd component created mailboxes with administrator privileges if the...

9.8CVSS5.6AI score0.02392EPSS
Exploits0References3
nessus
nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 9 : cyrus-imapd-3.4.8-1.el9 (AXSA:2024-9200:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9200:03 advisory. cyrus-imapd: unbounded memory allocation by sending many LITERALs in a single command CVE-2024-34055 Tenable has extracted the preceding description block...

6.5CVSS5.6AI score0.00836EPSS
Exploits0References2
nessus
nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : cyrus-imapd-3.0.7-20.el8.1 (AXSA:2021-2426:03)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2426:03 advisory. cyrus-imapd: Denial of service via string hashing algorithm collisions CVE-2021-33582 Tenable has extracted the preceding description block directly from the...

7.5CVSS5.5AI score0.0307EPSS
Exploits0References2
nessus
nessus
added 2026/01/14 12:0 a.m.2 views

MiracleLinux 3 : cyrus-imapd-2.3.7-7AXS3.3 (AXSA:2009-400:02)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2009-400:02 advisory. The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large...

7.5CVSS6.4AI score0.0404EPSS
Exploits0References3
euvd
euvd
added 2025/10/07 12:30 a.m.5 views

EUVD-2005-0547

Malware in sbrugna...

7.5CVSS6.1AI score0.04244EPSS
Exploits0References15
euvd
euvd
added 2025/10/07 12:30 a.m.4 views

EUVD-2011-3336

Malware in sbrugna...

7.5CVSS6AI score0.03364EPSS
Exploits0References15
euvd
euvd
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-27710

Malicious code in bioql PyPI...

9.8CVSS6.3AI score0.00485EPSS
Exploits0References1
nessus
nessus
added 2025/08/30 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-23394

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A UNIX Symbolic Link Symlink Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.This issue affects openSUSE...

9.8CVSS6.1AI score0.00485EPSS
Exploits0References2
nvd
nvd
added 2025/05/26 4:15 p.m.15 views

CVE-2025-23394

A UNIX Symbolic Link Symlink Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.This issue affects openSUSE Tumbleweed cyrus-imapd before 3.8.4-2.1...

9.8CVSS0.00485EPSS
Exploits0References1
osv
osv
added 2025/05/26 4:15 p.m.28 views

UBUNTU-CVE-2025-23394

A UNIX Symbolic Link Symlink Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.This issue affects openSUSE Tumbleweed cyrus-imapd before 3.8.4-2.1...

9.8CVSS5.8AI score0.00485EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/05/26 3:34 p.m.8 views

CVE-2025-23394 daily-backup.sh script in cyrus-imapd allows escalation from cyrus to root

A UNIX Symbolic Link Symlink Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.This issue affects openSUSE Tumbleweed cyrus-imapd before 3.8.4-2.1...

7.1AI score0.00485EPSS
Exploits0References1
cve
cve
added 2025/05/26 3:34 p.m.72 views

CVE-2025-23394

Summary (CVE-2025-23394) : A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed’s Cyrus IMAPd allows escalation from user cyrus to root. Affected: openSUSE Tumbleweed, cyrus-imapd before 3.8.4-2.1. Root cause: symlink following flaw enabling privilege escalation. Impact: ...

9.8CVSS6.7AI score0.00485EPSS
Exploits0References1
cvelist
cvelist
added 2025/05/26 3:34 p.m.36 views

CVE-2025-23394 daily-backup.sh script in cyrus-imapd allows escalation from cyrus to root

A UNIX Symbolic Link Symlink Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.This issue affects openSUSE Tumbleweed cyrus-imapd before 3.8.4-2.1...

0.00485EPSS
Exploits0References1
Rows per page
Query Builder