RHEL 7 : cyrus-imapd (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cyrus-imapd: Out of bounds heap read in indexurlfetch CVE-2015-8076 - cyrus-imapd: lmtpd component create...

CentOS 8 : cyrus-imapd (CESA-2020:4655)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2020:4655 advisory. - cyrus-imapd: privilege escalation in HTTP request CVE-2019-18928 - cyrus-imapd: lmtpd component created mailboxes with administrator privileges if th...

cyrus-imapd: lmtpd component created mailboxes with administrator privileges if the "fileinto" was used, bypassing ACL checks

An issue was discovered in Cyrus IMAP before 2.5.15, 3.0.x before 3.0.13, and 3.1.x through 3.1.8. If sieve script uploading is allowed 3.x or certain non-default sieve options are enabled 2.x, a user with a mail account on the service can use a sieve script containing a fileinto directive to...

RHEL 8 : cyrus-imapd (RHSA-2020:4655)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:4655 advisory. The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. Security Fixes: cyrus-imapd:...

Moderate: cyrus-imapd security update

The cyrus-imapd packages contain a high-performance mail server with IMAP, POP3, NNTP, and SIEVE support. Security Fixes: cyrus-imapd: privilege escalation in HTTP request CVE-2019-18928 cyrus-imapd: lmtpd component created mailboxes with administrator privileges if the "fileinto" was used,...