Imap Security Vulnerabilities and Issues — Imap CVE List

Lucene search

CyrusImap

3 matches found

CVE•added 2019/11/15 4:15 a.m.•216 views

CVE-2019-18928

Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.

9.8CVSS9.6AI score0.005EPSS

CVE•added 2019/06/03 8:29 p.m.•158 views

CVE-2019-11356

The CalDAV feature in httpd in Cyrus IMAP 2.5.x through 2.5.12 and 3.0.x through 3.0.9 allows remote attackers to execute arbitrary code via a crafted HTTP PUT operation for an event with a long iCalendar property name.

9.8CVSS9.4AI score0.22871EPSS

CVE•added 2017/09/10 7:29 a.m.•44 views

CVE-2017-14230

In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP before 3.0.4, an off-by-one error in prefix calculation for the LIST command caused use of uninitialized memory, which might allow remote attackers to obtain sensitive information or cause a denial of service (daemon crash) via a 'LI...

9.1CVSS8.8AI score0.00935EPSS