1496 matches found
CLSA-2026-1779119949 cyrus-imapd: Fix of CVE-2024-34055
fix CVE-2024-34055: denial of service via memory exhaustion using oversized IMAP literals and command arguments - disable cassandane test runner on x86_64 and aarch64 due to multiple unrelated mock-environment issues imaptest binary SIGSEGV, slow file I/O, alarm scheduling races; cunit which...
CVE-2026-6691
A flaw was found in the MongoDB C Driver's Cyrus SASL integration. This vulnerability, a heap buffer overflow, occurs due to unsafe string copying during username canonicalization. A remote attacker can exploit this by providing untrusted input in the username of a MongoDB URI with...
cyrus-sasl: Fix of CVE-2019-19906
CVE-2019-19906: fix off-by-one in _sasl_add_string (lib/common.c) that could cause denial of service or information disclosure via crafted input...
CVE-2026-6691
The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...
CVE-2026-6691 MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow
The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...
CVE-2026-6691
CVE-2026-6691 affects the MongoDB C Driver Cyrus SASL integration. The issue is unsafe string copying during username canonicalization, leading to a heap buffer overflow before any authentication or network traffic. The vulnerability can be triggered by untrusted input in the username of a MongoD...
MongoDB C Driver Security Vulnerability
The MongoDB C Driver is an open-source library developed by MongoDB, designed to connect to and manipulate MongoDB databases in C-language programs. There is a security vulnerability in the MongoDB C Driver, which stems from the insecure string copying performed during username normalization by t...
PT-2026-37642
The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may be triggered by passing untrusted input in the username of a MongoDB URI with authMechanism=GSSAPI...
Astra Linux - vulnerability in cyrus-sasl2
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement...
CLSA-2026-1777280127 cyrus-imapd: Fix of CVE-2021-33582
Fix CVE-2021-33582 - Denial of service via string hashing algorithm collisions...
CLSA-2026-1777279920 cyrus-imapd: Fix of CVE-2021-33582
Fix CVE-2021-33582 - Denial of service via string hashing algorithm collisions...
AZL-79343 CVE-2026-27601 affecting package cyrus-sasl-bootstrap 2.1.28-8
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service (DoS) attack by triggering a stack overflow...
AZL-79340 CVE-2026-27601 affecting package cyrus-sasl 2.1.28-8
Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service (DoS) attack by triggering a stack overflow...
MiracleLinux 8 : cyrus-sasl-2.1.27-6.el8 (AXSA:2022-3081:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3081:01 advisory. cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands CVE-2022-24407 Tenable has extracted the preceding...
MiracleLinux 8 : cyrus-imapd-3.0.7-20.el8.1 (AXSA:2021-2426:03)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-2426:03 advisory. cyrus-imapd: Denial of service via string hashing algorithm collisions CVE-2021-33582 Tenable has extracted the preceding description block directly from the...
MiracleLinux 8 : cyrus-imapd-3.0.7-19.el8 (AXSA:2021-1276:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1276:01 advisory. cyrus-imapd: privilege escalation in HTTP request CVE-2019-18928 cyrus-imapd: lmtpd component created mailboxes with administrator privileges if the...
MiracleLinux 8 : cyrus-sasl-2.1.27-5.el8 (AXSA:2021-1130:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1130:01 advisory. cyrus-sasl: denial of service in _sasl_add_string function CVE-2019-19906 Tenable has extracted the preceding description block directly from the MiracleLinux...
MiracleLinux 7 : cyrus-sasl-2.1.26-24.el7 (AXSA:2022-3085:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3085:02 advisory. cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands CVE-2022-24407 Tenable has extracted the preceding...