4 matches found
CVE-2011-1926
CVE-2011-1926 affects Cyrus IMAP Server prior to 2.4.7, in which STARTTLS I/O buffering is not properly restricted. This allows a man-in-the-middle to inject cleartext commands into an encrypted session (plaintext command injection, related to CVE-2011-0411). Remediation: upgrade to Cy...
CVE-2011-3208
CVE-2011-3208: Stack-based buffer overflow in the split_wildmats function of nntpd.c in the Cyrus IMAP Server’s nntpd. Remote attackers could execute arbitrary code via a crafted NNTP command. Affected products/versions: Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11. Impact: potential ...
CVE-2011-3481
CVE-2011-3481 affects Cyrus IMAP Server’s imapd prior to 2.4.11. When server-side threading is enabled, the index_get_ids function can be triggered by a crafted References header in an email to cause a NULL pointer dereference and daemon crash (DoS). The vulnerability is tied to the IMAP server c...
CVE-2009-2632
CVE-2009-2632: A local buffer overflow in the Sieve component (sieve/script.c) of Cyrus IMAP Server 2.2.13 and 2.3.14, and in Dovecot up to 1.0.4/1.1.7, arises from improper handling of buffer length using sizeof coupled with an integer signedness error. This can allow a local attacker to read/mo...