CVSS: 9.8EPSS: 31%CPEs: 46EXPL: 0CVE-2009-0688 – cyrus-sasl: sasl_encode64() does not reliably null-terminate its output
https://notcve.org/view.php?id=CVE-2009-0688
15 May 2009 — Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c. Múltiples desbordamientos de búfer en la librería CMU Cyrus SASL versiones anteriores a v2.1.23 puede permitir a atacantes remotos ejecutar código de su elección o provocar una denegación de servicio (caída de aplicación) a través de cadenas que son util... • ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 0CVE-2006-0250
https://notcve.org/view.php?id=CVE-2006-0250
18 Jan 2006 — Format string vulnerability in the snmp_input function in snmptrapd in CMU SNMP utilities (cmu-snmp) allows remote attackers to execute arbitrary code by sending crafted SNMP messages to UDP port 162. • http://secunia.com/advisories/18525 •
CVSS: 10.0EPSS: 5%CPEs: 22EXPL: 0CVE-2004-1067
https://notcve.org/view.php?id=CVE-2004-1067
10 Dec 2004 — Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username. Error de fuera-por-uno en la función myasl_canon_user en Cyrus IMAP Server 2.2.9 y anteriores conduce a un desbordamiento de búfer, lo que puede permitir a atacantes remotos ejecutar código de su elección mediante el nombre de usuario. • http://asg.web.cmu.edu/cyrus/download/imapd/changes.html •
CVSS: 10.0EPSS: 16%CPEs: 23EXPL: 0CVE-2004-1011
https://notcve.org/view.php?id=CVE-2004-1011
01 Dec 2004 — Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015. Desbordamiento basado en la pila en Cyrus IMAP Server 2.2.4 a 2.2.8, con la opción imapmagicplus establecida, permite a atacantes remotos ejecuta código de su elección mediante un comando PROXY o LOGIN largo, una vulnerabilidad distinta de CAN-2004-1015. • http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143 •
CVSS: 10.0EPSS: 10%CPEs: 23EXPL: 0CVE-2004-1012
https://notcve.org/view.php?id=CVE-2004-1012
01 Dec 2004 — The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption. El procesador de argumentos de la orden PARTIAL de Cyrus IMAP Server 2.2.6 y anteriores permite a usuarios remotos autentificados ejecutar código de su elección mediante una cierta orden ("body[p") ... • http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143 •
CVSS: 10.0EPSS: 10%CPEs: 23EXPL: 0CVE-2004-1013
https://notcve.org/view.php?id=CVE-2004-1013
01 Dec 2004 — The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption. El procesador de argumentos de la orden FETCH de Cyrus IMAP Server 2.2.x a 2.2.8 permite a usuarios remotos autenticados ejecutar código de su elección mediante ciertos comandos como (1) "body[p", (2) "bina... • http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143 •
CVSS: 10.0EPSS: 5%CPEs: 22EXPL: 0CVE-2004-1015
https://notcve.org/view.php?id=CVE-2004-1015
01 Dec 2004 — Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011. Desbordamiento de búfer en proxyd de Cyrus IMAP Server 2.2.9 y anteriores, con la opción imapmagicplus establecida, puede permitir a atacantes remotos ejecutar código de su elección, una vulnerabilidad distinta de CAN-2004-1011. • http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=145 •
CVSS: 9.8EPSS: 48%CPEs: 6EXPL: 3CVE-2002-1580 – Cyrus IMAPD 1.4/1.5.19/2.0.12/2.0.16/2.1.9/2.1.10 - Pre-Login Heap Corruption
https://notcve.org/view.php?id=CVE-2002-1580
20 May 2004 — Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347. Desbordamiento de enteros en imapparse.c de Cyrus IMAP server 1.4 y 2.1.10 permite a atacantes remotos ejecutar código arbitrario mediante un valor de longitud grande que facilita un ataque de desbordamiento de búfer, una vulnerabilidad distinta de CAN-2002-1347. • https://www.exploit-db.com/exploits/22061 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2001-1154
https://notcve.org/view.php?id=CVE-2001-1154
30 Aug 2001 — Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients. • http://www.securityfocus.com/archive/1/211056 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2000-0956
https://notcve.org/view.php?id=CVE-2000-0956
19 Dec 2000 — cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify the authorization for a local user, which could allow the users to bypass specified access restrictions. • http://www.redhat.com/support/errata/RHSA-2000-094.html •