Search

Find a vulnerability

Search criteria

    14 vulnerabilities found for cyrus_imap_server by carnegie_mellon_university

    CVE-2004-1011 (GCVE-0-2004-1011)

    Vulnerability from nvd – Published: 2004-12-01 05:00 – Updated: 2024-08-08 00:39
    VLAI
    Summary
    Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2004-11-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:39:00.588Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://security.e-matters.de/advisories/152004.html"
              },
              {
                "name": "cyrus-imap-username-bo(18198)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18198"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
              },
              {
                "name": "MDKSA-2004:139",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
              },
              {
                "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
              },
              {
                "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
              },
              {
                "name": "13274",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/13274/"
              },
              {
                "name": "GLSA-200411-34",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-11-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://security.e-matters.de/advisories/152004.html"
            },
            {
              "name": "cyrus-imap-username-bo(18198)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18198"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
            },
            {
              "name": "MDKSA-2004:139",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
            },
            {
              "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
            },
            {
              "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
            },
            {
              "name": "13274",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/13274/"
            },
            {
              "name": "GLSA-200411-34",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-1011",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://security.e-matters.de/advisories/152004.html",
                  "refsource": "MISC",
                  "url": "http://security.e-matters.de/advisories/152004.html"
                },
                {
                  "name": "cyrus-imap-username-bo(18198)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18198"
                },
                {
                  "name": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html",
                  "refsource": "CONFIRM",
                  "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
                },
                {
                  "name": "MDKSA-2004:139",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
                },
                {
                  "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
                },
                {
                  "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
                  "refsource": "MLIST",
                  "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
                },
                {
                  "name": "13274",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/13274/"
                },
                {
                  "name": "GLSA-200411-34",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-1011",
        "datePublished": "2004-12-01T05:00:00.000Z",
        "dateReserved": "2004-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:39:00.588Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-1012 (GCVE-0-2004-1012)

    Vulnerability from nvd – Published: 2004-12-01 05:00 – Updated: 2024-08-08 00:39
    VLAI
    Summary
    The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.debian.org/security/2004/dsa-597 vendor-advisoryx_refsource_DEBIAN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://security.e-matters.de/advisories/152004.html x_refsource_MISC
    http://asg.web.cmu.edu/cyrus/download/imapd/chang… x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRAKE
    http://marc.info/?l=bugtraq&m=110123023521619&w=2 mailing-listx_refsource_BUGTRAQ
    http://asg.web.cmu.edu/archive/message.php?mailbo… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/13274/ third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200411-34.xml vendor-advisoryx_refsource_GENTOO
    https://www.ubuntu.com/usn/usn-31-1/ vendor-advisoryx_refsource_UBUNTU
    Date Public
    2004-11-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:39:00.882Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-597",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2004/dsa-597"
              },
              {
                "name": "cyrus-imap-commands-execute-code(18199)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18199"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://security.e-matters.de/advisories/152004.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
              },
              {
                "name": "MDKSA-2004:139",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
              },
              {
                "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
              },
              {
                "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
              },
              {
                "name": "13274",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/13274/"
              },
              {
                "name": "GLSA-200411-34",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
              },
              {
                "name": "USN-31-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://www.ubuntu.com/usn/usn-31-1/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-11-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command (\"body[p\") that is treated as a different command (\"body.peek\") and causes an index increment error that leads to an out-of-bounds memory corruption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "DSA-597",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2004/dsa-597"
            },
            {
              "name": "cyrus-imap-commands-execute-code(18199)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18199"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://security.e-matters.de/advisories/152004.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
            },
            {
              "name": "MDKSA-2004:139",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
            },
            {
              "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
            },
            {
              "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
            },
            {
              "name": "13274",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/13274/"
            },
            {
              "name": "GLSA-200411-34",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
            },
            {
              "name": "USN-31-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://www.ubuntu.com/usn/usn-31-1/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-1012",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command (\"body[p\") that is treated as a different command (\"body.peek\") and causes an index increment error that leads to an out-of-bounds memory corruption."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-597",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2004/dsa-597"
                },
                {
                  "name": "cyrus-imap-commands-execute-code(18199)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18199"
                },
                {
                  "name": "http://security.e-matters.de/advisories/152004.html",
                  "refsource": "MISC",
                  "url": "http://security.e-matters.de/advisories/152004.html"
                },
                {
                  "name": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html",
                  "refsource": "CONFIRM",
                  "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
                },
                {
                  "name": "MDKSA-2004:139",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
                },
                {
                  "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
                },
                {
                  "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
                  "refsource": "MLIST",
                  "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
                },
                {
                  "name": "13274",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/13274/"
                },
                {
                  "name": "GLSA-200411-34",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
                },
                {
                  "name": "USN-31-1",
                  "refsource": "UBUNTU",
                  "url": "https://www.ubuntu.com/usn/usn-31-1/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-1012",
        "datePublished": "2004-12-01T05:00:00.000Z",
        "dateReserved": "2004-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:39:00.882Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-1015 (GCVE-0-2004-1015)

    Vulnerability from nvd – Published: 2004-12-01 05:00 – Updated: 2024-08-08 00:39
    VLAI
    Summary
    Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2004-11-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:39:00.635Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cyrus-magic-plus-bo(18274)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18274"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
              },
              {
                "name": "MDKSA-2004:139",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
              },
              {
                "name": "[cyrus-announce] 20041123 Cyrus IMAPd 2.2.10 Released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=145"
              },
              {
                "name": "GLSA-200411-34",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-11-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "cyrus-magic-plus-bo(18274)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18274"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
            },
            {
              "name": "MDKSA-2004:139",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
            },
            {
              "name": "[cyrus-announce] 20041123 Cyrus IMAPd 2.2.10 Released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=145"
            },
            {
              "name": "GLSA-200411-34",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-1015",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "cyrus-magic-plus-bo(18274)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18274"
                },
                {
                  "name": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html",
                  "refsource": "CONFIRM",
                  "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
                },
                {
                  "name": "MDKSA-2004:139",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
                },
                {
                  "name": "[cyrus-announce] 20041123 Cyrus IMAPd 2.2.10 Released",
                  "refsource": "MLIST",
                  "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=145"
                },
                {
                  "name": "GLSA-200411-34",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-1015",
        "datePublished": "2004-12-01T05:00:00.000Z",
        "dateReserved": "2004-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:39:00.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-1067 (GCVE-0-2004-1067)

    Vulnerability from nvd – Published: 2004-12-10 05:00 – Updated: 2024-08-08 00:39
    VLAI
    Summary
    Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2004-12-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:39:00.545Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cyrus-mysaslcanonuser-offbyone-bo(18333)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18333"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
              },
              {
                "name": "11738",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/11738"
              },
              {
                "name": "USN-37-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://www.ubuntu.com/usn/usn-37-1/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-12-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "cyrus-mysaslcanonuser-offbyone-bo(18333)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18333"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
            },
            {
              "name": "11738",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/11738"
            },
            {
              "name": "USN-37-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://www.ubuntu.com/usn/usn-37-1/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-1067",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "cyrus-mysaslcanonuser-offbyone-bo(18333)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18333"
                },
                {
                  "name": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html",
                  "refsource": "CONFIRM",
                  "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
                },
                {
                  "name": "11738",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/11738"
                },
                {
                  "name": "USN-37-1",
                  "refsource": "UBUNTU",
                  "url": "https://www.ubuntu.com/usn/usn-37-1/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-1067",
        "datePublished": "2004-12-10T05:00:00.000Z",
        "dateReserved": "2004-11-29T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:39:00.545Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-1013 (GCVE-0-2004-1013)

    Vulnerability from nvd – Published: 2004-12-01 05:00 – Updated: 2024-08-08 00:38
    VLAI
    Summary
    The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.debian.org/security/2004/dsa-597 vendor-advisoryx_refsource_DEBIAN
    http://security.e-matters.de/advisories/152004.html x_refsource_MISC
    http://asg.web.cmu.edu/cyrus/download/imapd/chang… x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRAKE
    http://marc.info/?l=bugtraq&m=110123023521619&w=2 mailing-listx_refsource_BUGTRAQ
    http://asg.web.cmu.edu/archive/message.php?mailbo… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/13274/ third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200411-34.xml vendor-advisoryx_refsource_GENTOO
    https://www.ubuntu.com/usn/usn-31-1/ vendor-advisoryx_refsource_UBUNTU
    Date Public
    2004-11-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:38:59.800Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-597",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2004/dsa-597"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://security.e-matters.de/advisories/152004.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
              },
              {
                "name": "MDKSA-2004:139",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
              },
              {
                "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
              },
              {
                "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
              },
              {
                "name": "13274",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/13274/"
              },
              {
                "name": "GLSA-200411-34",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
              },
              {
                "name": "USN-31-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://www.ubuntu.com/usn/usn-31-1/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-11-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) \"body[p\", (2) \"binary[p\", or (3) \"binary[p\") that cause an index increment error that leads to an out-of-bounds memory corruption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-06T21:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "DSA-597",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2004/dsa-597"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://security.e-matters.de/advisories/152004.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
            },
            {
              "name": "MDKSA-2004:139",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
            },
            {
              "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
            },
            {
              "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
            },
            {
              "name": "13274",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/13274/"
            },
            {
              "name": "GLSA-200411-34",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
            },
            {
              "name": "USN-31-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://www.ubuntu.com/usn/usn-31-1/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-1013",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) \"body[p\", (2) \"binary[p\", or (3) \"binary[p\") that cause an index increment error that leads to an out-of-bounds memory corruption."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-597",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2004/dsa-597"
                },
                {
                  "name": "http://security.e-matters.de/advisories/152004.html",
                  "refsource": "MISC",
                  "url": "http://security.e-matters.de/advisories/152004.html"
                },
                {
                  "name": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html",
                  "refsource": "CONFIRM",
                  "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
                },
                {
                  "name": "MDKSA-2004:139",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
                },
                {
                  "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
                },
                {
                  "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
                  "refsource": "MLIST",
                  "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
                },
                {
                  "name": "13274",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/13274/"
                },
                {
                  "name": "GLSA-200411-34",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
                },
                {
                  "name": "USN-31-1",
                  "refsource": "UBUNTU",
                  "url": "https://www.ubuntu.com/usn/usn-31-1/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-1013",
        "datePublished": "2004-12-01T05:00:00.000Z",
        "dateReserved": "2004-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:38:59.800Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-1580 (GCVE-0-2002-1580)

    Vulnerability from nvd – Published: 2004-05-20 04:00 – Updated: 2024-08-08 03:26
    VLAI
    Summary
    Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://distro.conectiva.com/atualizacoes/?id=a&an… vendor-advisoryx_refsource_CONECTIVA
    http://distro.conectiva.com.br/atualizacoes/?id=a… vendor-advisoryx_refsource_CONECTIVA
    http://www.debian.org/security/2002/dsa-215 vendor-advisoryx_refsource_DEBIAN
    http://asg.web.cmu.edu/cyrus/download/imapd/chang… x_refsource_CONFIRM
    http://www.kb.cert.org/vuls/id/740169 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/bid/6298 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/301864 mailing-listx_refsource_BUGTRAQ
    Date Public
    2002-12-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:26:29.337Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "000557",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
                  "x_transferred"
                ],
                "url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000557"
              },
              {
                "name": "CLA-2002:557",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
                  "x_transferred"
                ],
                "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000557"
              },
              {
                "name": "DSA-215",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2002/dsa-215"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
              },
              {
                "name": "VU#740169",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/740169"
              },
              {
                "name": "6298",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/6298"
              },
              {
                "name": "cyrus-imap-preauth-bo(10744)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10744"
              },
              {
                "name": "20021202 pre-login buffer overflow in Cyrus IMAP server",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/301864"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-12-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "000557",
              "tags": [
                "vendor-advisory",
                "x_refsource_CONECTIVA"
              ],
              "url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000557"
            },
            {
              "name": "CLA-2002:557",
              "tags": [
                "vendor-advisory",
                "x_refsource_CONECTIVA"
              ],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000557"
            },
            {
              "name": "DSA-215",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2002/dsa-215"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
            },
            {
              "name": "VU#740169",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/740169"
            },
            {
              "name": "6298",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/6298"
            },
            {
              "name": "cyrus-imap-preauth-bo(10744)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10744"
            },
            {
              "name": "20021202 pre-login buffer overflow in Cyrus IMAP server",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/301864"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1580",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "000557",
                  "refsource": "CONECTIVA",
                  "url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000557"
                },
                {
                  "name": "CLA-2002:557",
                  "refsource": "CONECTIVA",
                  "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000557"
                },
                {
                  "name": "DSA-215",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2002/dsa-215"
                },
                {
                  "name": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html",
                  "refsource": "CONFIRM",
                  "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
                },
                {
                  "name": "VU#740169",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/740169"
                },
                {
                  "name": "6298",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/6298"
                },
                {
                  "name": "cyrus-imap-preauth-bo(10744)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10744"
                },
                {
                  "name": "20021202 pre-login buffer overflow in Cyrus IMAP server",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/301864"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1580",
        "datePublished": "2004-05-20T04:00:00.000Z",
        "dateReserved": "2004-05-13T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:26:29.337Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-1154 (GCVE-0-2001-1154)

    Vulnerability from nvd – Published: 2002-03-15 05:00 – Updated: 2024-08-08 04:44
    VLAI
    Summary
    Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/211056 mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/3260 vdb-entryx_refsource_BID
    Date Public
    2001-08-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:44:07.894Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cyrus-imap-php-dos(7053)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7053"
              },
              {
                "name": "20010830 Possible Denial of Service with PHP and Cyrus IMAP on BSDi 4.2",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/211056"
              },
              {
                "name": "3260",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/3260"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-08-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-18T21:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "cyrus-imap-php-dos(7053)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7053"
            },
            {
              "name": "20010830 Possible Denial of Service with PHP and Cyrus IMAP on BSDi 4.2",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/211056"
            },
            {
              "name": "3260",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/3260"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-1154",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "cyrus-imap-php-dos(7053)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7053"
                },
                {
                  "name": "20010830 Possible Denial of Service with PHP and Cyrus IMAP on BSDi 4.2",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/211056"
                },
                {
                  "name": "3260",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/3260"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-1154",
        "datePublished": "2002-03-15T05:00:00.000Z",
        "dateReserved": "2002-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:44:07.894Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-1067 (GCVE-0-2004-1067)

    Vulnerability from cvelistv5 – Published: 2004-12-10 05:00 – Updated: 2024-08-08 00:39
    VLAI
    Summary
    Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2004-12-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:39:00.545Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cyrus-mysaslcanonuser-offbyone-bo(18333)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18333"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
              },
              {
                "name": "11738",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/11738"
              },
              {
                "name": "USN-37-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://www.ubuntu.com/usn/usn-37-1/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-12-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "cyrus-mysaslcanonuser-offbyone-bo(18333)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18333"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
            },
            {
              "name": "11738",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/11738"
            },
            {
              "name": "USN-37-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://www.ubuntu.com/usn/usn-37-1/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-1067",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "cyrus-mysaslcanonuser-offbyone-bo(18333)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18333"
                },
                {
                  "name": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html",
                  "refsource": "CONFIRM",
                  "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
                },
                {
                  "name": "11738",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/11738"
                },
                {
                  "name": "USN-37-1",
                  "refsource": "UBUNTU",
                  "url": "https://www.ubuntu.com/usn/usn-37-1/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-1067",
        "datePublished": "2004-12-10T05:00:00.000Z",
        "dateReserved": "2004-11-29T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:39:00.545Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-1011 (GCVE-0-2004-1011)

    Vulnerability from cvelistv5 – Published: 2004-12-01 05:00 – Updated: 2024-08-08 00:39
    VLAI
    Summary
    Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2004-11-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:39:00.588Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://security.e-matters.de/advisories/152004.html"
              },
              {
                "name": "cyrus-imap-username-bo(18198)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18198"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
              },
              {
                "name": "MDKSA-2004:139",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
              },
              {
                "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
              },
              {
                "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
              },
              {
                "name": "13274",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/13274/"
              },
              {
                "name": "GLSA-200411-34",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-11-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://security.e-matters.de/advisories/152004.html"
            },
            {
              "name": "cyrus-imap-username-bo(18198)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18198"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
            },
            {
              "name": "MDKSA-2004:139",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
            },
            {
              "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
            },
            {
              "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
            },
            {
              "name": "13274",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/13274/"
            },
            {
              "name": "GLSA-200411-34",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-1011",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://security.e-matters.de/advisories/152004.html",
                  "refsource": "MISC",
                  "url": "http://security.e-matters.de/advisories/152004.html"
                },
                {
                  "name": "cyrus-imap-username-bo(18198)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18198"
                },
                {
                  "name": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html",
                  "refsource": "CONFIRM",
                  "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
                },
                {
                  "name": "MDKSA-2004:139",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
                },
                {
                  "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
                },
                {
                  "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
                  "refsource": "MLIST",
                  "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
                },
                {
                  "name": "13274",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/13274/"
                },
                {
                  "name": "GLSA-200411-34",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-1011",
        "datePublished": "2004-12-01T05:00:00.000Z",
        "dateReserved": "2004-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:39:00.588Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-1012 (GCVE-0-2004-1012)

    Vulnerability from cvelistv5 – Published: 2004-12-01 05:00 – Updated: 2024-08-08 00:39
    VLAI
    Summary
    The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.debian.org/security/2004/dsa-597 vendor-advisoryx_refsource_DEBIAN
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://security.e-matters.de/advisories/152004.html x_refsource_MISC
    http://asg.web.cmu.edu/cyrus/download/imapd/chang… x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRAKE
    http://marc.info/?l=bugtraq&m=110123023521619&w=2 mailing-listx_refsource_BUGTRAQ
    http://asg.web.cmu.edu/archive/message.php?mailbo… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/13274/ third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200411-34.xml vendor-advisoryx_refsource_GENTOO
    https://www.ubuntu.com/usn/usn-31-1/ vendor-advisoryx_refsource_UBUNTU
    Date Public
    2004-11-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:39:00.882Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-597",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2004/dsa-597"
              },
              {
                "name": "cyrus-imap-commands-execute-code(18199)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18199"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://security.e-matters.de/advisories/152004.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
              },
              {
                "name": "MDKSA-2004:139",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
              },
              {
                "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
              },
              {
                "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
              },
              {
                "name": "13274",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/13274/"
              },
              {
                "name": "GLSA-200411-34",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
              },
              {
                "name": "USN-31-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://www.ubuntu.com/usn/usn-31-1/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-11-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command (\"body[p\") that is treated as a different command (\"body.peek\") and causes an index increment error that leads to an out-of-bounds memory corruption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "DSA-597",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2004/dsa-597"
            },
            {
              "name": "cyrus-imap-commands-execute-code(18199)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18199"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://security.e-matters.de/advisories/152004.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
            },
            {
              "name": "MDKSA-2004:139",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
            },
            {
              "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
            },
            {
              "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
            },
            {
              "name": "13274",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/13274/"
            },
            {
              "name": "GLSA-200411-34",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
            },
            {
              "name": "USN-31-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://www.ubuntu.com/usn/usn-31-1/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-1012",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command (\"body[p\") that is treated as a different command (\"body.peek\") and causes an index increment error that leads to an out-of-bounds memory corruption."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-597",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2004/dsa-597"
                },
                {
                  "name": "cyrus-imap-commands-execute-code(18199)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18199"
                },
                {
                  "name": "http://security.e-matters.de/advisories/152004.html",
                  "refsource": "MISC",
                  "url": "http://security.e-matters.de/advisories/152004.html"
                },
                {
                  "name": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html",
                  "refsource": "CONFIRM",
                  "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
                },
                {
                  "name": "MDKSA-2004:139",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
                },
                {
                  "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
                },
                {
                  "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
                  "refsource": "MLIST",
                  "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
                },
                {
                  "name": "13274",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/13274/"
                },
                {
                  "name": "GLSA-200411-34",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
                },
                {
                  "name": "USN-31-1",
                  "refsource": "UBUNTU",
                  "url": "https://www.ubuntu.com/usn/usn-31-1/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-1012",
        "datePublished": "2004-12-01T05:00:00.000Z",
        "dateReserved": "2004-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:39:00.882Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-1015 (GCVE-0-2004-1015)

    Vulnerability from cvelistv5 – Published: 2004-12-01 05:00 – Updated: 2024-08-08 00:39
    VLAI
    Summary
    Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2004-11-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:39:00.635Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cyrus-magic-plus-bo(18274)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18274"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
              },
              {
                "name": "MDKSA-2004:139",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
              },
              {
                "name": "[cyrus-announce] 20041123 Cyrus IMAPd 2.2.10 Released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=145"
              },
              {
                "name": "GLSA-200411-34",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-11-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "cyrus-magic-plus-bo(18274)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18274"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
            },
            {
              "name": "MDKSA-2004:139",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
            },
            {
              "name": "[cyrus-announce] 20041123 Cyrus IMAPd 2.2.10 Released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=145"
            },
            {
              "name": "GLSA-200411-34",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-1015",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "cyrus-magic-plus-bo(18274)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18274"
                },
                {
                  "name": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html",
                  "refsource": "CONFIRM",
                  "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
                },
                {
                  "name": "MDKSA-2004:139",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
                },
                {
                  "name": "[cyrus-announce] 20041123 Cyrus IMAPd 2.2.10 Released",
                  "refsource": "MLIST",
                  "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=145"
                },
                {
                  "name": "GLSA-200411-34",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-1015",
        "datePublished": "2004-12-01T05:00:00.000Z",
        "dateReserved": "2004-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:39:00.635Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2004-1013 (GCVE-0-2004-1013)

    Vulnerability from cvelistv5 – Published: 2004-12-01 05:00 – Updated: 2024-08-08 00:38
    VLAI
    Summary
    The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.debian.org/security/2004/dsa-597 vendor-advisoryx_refsource_DEBIAN
    http://security.e-matters.de/advisories/152004.html x_refsource_MISC
    http://asg.web.cmu.edu/cyrus/download/imapd/chang… x_refsource_CONFIRM
    http://www.mandriva.com/security/advisories?name=… vendor-advisoryx_refsource_MANDRAKE
    http://marc.info/?l=bugtraq&m=110123023521619&w=2 mailing-listx_refsource_BUGTRAQ
    http://asg.web.cmu.edu/archive/message.php?mailbo… mailing-listx_refsource_MLIST
    http://secunia.com/advisories/13274/ third-party-advisoryx_refsource_SECUNIA
    http://security.gentoo.org/glsa/glsa-200411-34.xml vendor-advisoryx_refsource_GENTOO
    https://www.ubuntu.com/usn/usn-31-1/ vendor-advisoryx_refsource_UBUNTU
    Date Public
    2004-11-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T00:38:59.800Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "DSA-597",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2004/dsa-597"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://security.e-matters.de/advisories/152004.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
              },
              {
                "name": "MDKSA-2004:139",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
                  "x_transferred"
                ],
                "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
              },
              {
                "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
              },
              {
                "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
              },
              {
                "name": "13274",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/13274/"
              },
              {
                "name": "GLSA-200411-34",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
              },
              {
                "name": "USN-31-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://www.ubuntu.com/usn/usn-31-1/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2004-11-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) \"body[p\", (2) \"binary[p\", or (3) \"binary[p\") that cause an index increment error that leads to an out-of-bounds memory corruption."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2016-12-06T21:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "DSA-597",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2004/dsa-597"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://security.e-matters.de/advisories/152004.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
            },
            {
              "name": "MDKSA-2004:139",
              "tags": [
                "vendor-advisory",
                "x_refsource_MANDRAKE"
              ],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
            },
            {
              "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
            },
            {
              "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
            },
            {
              "name": "13274",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/13274/"
            },
            {
              "name": "GLSA-200411-34",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
            },
            {
              "name": "USN-31-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://www.ubuntu.com/usn/usn-31-1/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2004-1013",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) \"body[p\", (2) \"binary[p\", or (3) \"binary[p\") that cause an index increment error that leads to an out-of-bounds memory corruption."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "DSA-597",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2004/dsa-597"
                },
                {
                  "name": "http://security.e-matters.de/advisories/152004.html",
                  "refsource": "MISC",
                  "url": "http://security.e-matters.de/advisories/152004.html"
                },
                {
                  "name": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html",
                  "refsource": "CONFIRM",
                  "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
                },
                {
                  "name": "MDKSA-2004:139",
                  "refsource": "MANDRAKE",
                  "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:139"
                },
                {
                  "name": "20041122 Advisory 15/2004: Cyrus IMAP Server multiple remote vulnerabilities",
                  "refsource": "BUGTRAQ",
                  "url": "http://marc.info/?l=bugtraq\u0026m=110123023521619\u0026w=2"
                },
                {
                  "name": "[cyrus-announce] 20041122 Cyrus IMAPd 2.2.9 Released",
                  "refsource": "MLIST",
                  "url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce\u0026msg=143"
                },
                {
                  "name": "13274",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/13274/"
                },
                {
                  "name": "GLSA-200411-34",
                  "refsource": "GENTOO",
                  "url": "http://security.gentoo.org/glsa/glsa-200411-34.xml"
                },
                {
                  "name": "USN-31-1",
                  "refsource": "UBUNTU",
                  "url": "https://www.ubuntu.com/usn/usn-31-1/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2004-1013",
        "datePublished": "2004-12-01T05:00:00.000Z",
        "dateReserved": "2004-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-08T00:38:59.800Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2002-1580 (GCVE-0-2002-1580)

    Vulnerability from cvelistv5 – Published: 2004-05-20 04:00 – Updated: 2024-08-08 03:26
    VLAI
    Summary
    Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://distro.conectiva.com/atualizacoes/?id=a&an… vendor-advisoryx_refsource_CONECTIVA
    http://distro.conectiva.com.br/atualizacoes/?id=a… vendor-advisoryx_refsource_CONECTIVA
    http://www.debian.org/security/2002/dsa-215 vendor-advisoryx_refsource_DEBIAN
    http://asg.web.cmu.edu/cyrus/download/imapd/chang… x_refsource_CONFIRM
    http://www.kb.cert.org/vuls/id/740169 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/bid/6298 vdb-entryx_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/301864 mailing-listx_refsource_BUGTRAQ
    Date Public
    2002-12-02 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T03:26:29.337Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "000557",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
                  "x_transferred"
                ],
                "url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000557"
              },
              {
                "name": "CLA-2002:557",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_CONECTIVA",
                  "x_transferred"
                ],
                "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000557"
              },
              {
                "name": "DSA-215",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2002/dsa-215"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
              },
              {
                "name": "VU#740169",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/740169"
              },
              {
                "name": "6298",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/6298"
              },
              {
                "name": "cyrus-imap-preauth-bo(10744)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10744"
              },
              {
                "name": "20021202 pre-login buffer overflow in Cyrus IMAP server",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/301864"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2002-12-02T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "000557",
              "tags": [
                "vendor-advisory",
                "x_refsource_CONECTIVA"
              ],
              "url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000557"
            },
            {
              "name": "CLA-2002:557",
              "tags": [
                "vendor-advisory",
                "x_refsource_CONECTIVA"
              ],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000557"
            },
            {
              "name": "DSA-215",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2002/dsa-215"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
            },
            {
              "name": "VU#740169",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/740169"
            },
            {
              "name": "6298",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/6298"
            },
            {
              "name": "cyrus-imap-preauth-bo(10744)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10744"
            },
            {
              "name": "20021202 pre-login buffer overflow in Cyrus IMAP server",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/301864"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2002-1580",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 allows remote attackers to execute arbitrary code via a large length value that facilitates a buffer overflow attack, a different vulnerability than CVE-2002-1347."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "000557",
                  "refsource": "CONECTIVA",
                  "url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000557"
                },
                {
                  "name": "CLA-2002:557",
                  "refsource": "CONECTIVA",
                  "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000557"
                },
                {
                  "name": "DSA-215",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2002/dsa-215"
                },
                {
                  "name": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html",
                  "refsource": "CONFIRM",
                  "url": "http://asg.web.cmu.edu/cyrus/download/imapd/changes.html"
                },
                {
                  "name": "VU#740169",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/740169"
                },
                {
                  "name": "6298",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/6298"
                },
                {
                  "name": "cyrus-imap-preauth-bo(10744)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10744"
                },
                {
                  "name": "20021202 pre-login buffer overflow in Cyrus IMAP server",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/301864"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2002-1580",
        "datePublished": "2004-05-20T04:00:00.000Z",
        "dateReserved": "2004-05-13T00:00:00.000Z",
        "dateUpdated": "2024-08-08T03:26:29.337Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-1154 (GCVE-0-2001-1154)

    Vulnerability from cvelistv5 – Published: 2002-03-15 05:00 – Updated: 2024-08-08 04:44
    VLAI
    Summary
    Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/archive/1/211056 mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/bid/3260 vdb-entryx_refsource_BID
    Date Public
    2001-08-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:44:07.894Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "cyrus-imap-php-dos(7053)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7053"
              },
              {
                "name": "20010830 Possible Denial of Service with PHP and Cyrus IMAP on BSDi 4.2",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/211056"
              },
              {
                "name": "3260",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/3260"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-08-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-18T21:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "cyrus-imap-php-dos(7053)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7053"
            },
            {
              "name": "20010830 Possible Denial of Service with PHP and Cyrus IMAP on BSDi 4.2",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/211056"
            },
            {
              "name": "3260",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/3260"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-1154",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, allows remote attackers to cause a denial of service (hang) using PHP IMAP clients."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "cyrus-imap-php-dos(7053)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7053"
                },
                {
                  "name": "20010830 Possible Denial of Service with PHP and Cyrus IMAP on BSDi 4.2",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/211056"
                },
                {
                  "name": "3260",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/3260"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-1154",
        "datePublished": "2002-03-15T05:00:00.000Z",
        "dateReserved": "2002-03-15T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:44:07.894Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }