17 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-19783
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed 3.x or certain non-defau...
RHEL 7 : cyrus-imapd (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cyrus-imapd: Out of bounds heap read in indexurlfetch CVE-2015-8076 - cyrus-imapd: lmtpd component create...
Mageia: Security Advisory (MGASA-2020-0010)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Moderate: Red Hat Security Advisory: cyrus-imapd security update
An update for cyrus-imapd is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
RHEL 8 : cyrus-imapd (RHSA-2020:4655)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4655 advisory. The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. Security Fixes: cyrus-imapd:...
Moderate: cyrus-imapd security update
The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. Security Fixes: cyrus-imapd: privilege escalation in HTTP request CVE-2019-18928 cyrus-imapd: lmtpd component created mailboxes with administrator privileges if the "fileinto" was used,...
Ubuntu: Security Advisory (USN-4566-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4566-1: Cyrus IMAP Server vulnerabilities
It was dicovered that Cyrus IMAP Server could execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code. CVE-2019-11356 It was discovered that the Cyrus IMA...
Security fix for the ALT Linux 8 package cyrus-imapd version 2.5.15-alt0.M80P.1
2.5.15-alt0.M80P.1 built Jan. 10, 2020 Sergey Y. Afonin in task 243774 Jan. 2, 2020 Sergey Y. Afonin - 2.5.15 fixes: CVE-2019-19783...
Security fix for the ALT Linux 9 package cyrus-imapd version 3.0.13-alt1
3.0.13-alt1 built Jan. 10, 2020 Sergey Y. Afonin in task 243772 Jan. 1, 2020 Sergey Y. Afonin - 3.0.13 fixes: CVE-2019-19783...
Fedora 30 : cyrus-imapd (2019-7938c21723)
Update to new upstream version 3.0.13, which includes a fix for CVE-2019-19783 and other minor fixes. Release notes: https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.htm l Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...
Fedora 31 : cyrus-imapd (2019-ad23a4522d)
Update to new upstream version 3.0.13, which includes a fix for CVE-2019-19783 and other minor fixes. Release notes: https://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.13.htm l Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...
Updated cyrus-imapd packages fix security vulnerability
Updated cyrus-imapd packages fix security vulnerability: It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the "fileinto" was used, bypassing ACL checks CVE-2019-19783...
Debian DSA-4590-1 : cyrus-imapd - security update
It was discovered that the lmtpd component of the Cyrus IMAP server created mailboxes with administrator privileges if the 'fileinto' was used, bypassing ACL checks. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisor...
[SECURITY] [DSA 4590-1] cyrus-imapd security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4590-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 19, 2019 https://www.debian.org/security/faq -...
CVE-2019-19783
An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed 3.x or certain non-default sieve options are enabled 2.x, a user with a mail account on the service can use a sieve script containing a fileinto directive to...
CVE-2019-19783
CVE-2019-19783 affects Cyrus IMAP (cyrus-imapd) where the lmtpd sieve handling could allow a user to create a mailbox with administrator privileges via a fileinto directive, due to folder handling in autosieve_createfolder() in imap/lmtp_sieve.c. Affected: 2.5.x (before 2.5.15), 3.0.x (before 3.0...