2 matches found
UBUNTU-CVE-2021-33582
Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service multiple-minute daemon hang via input that is mishandled during hash-table interaction. Because there are many insertions into a single bucket, strcmp becomes slow. This is fixed in 3.4.2, 3.2.8, and 3.0.16...
DEBIAN-CVE-2019-18928
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection...