This page lists publicly disclosed CVE vulnerabilities affecting cyrus imapd (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2011-3372 | imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command. | [email protected] | 7.5 | 0.27% | 2011-12-24 | 2026-04-29 |
| CVE-2006-2502 | Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command. | [email protected] | 5.1 | 77.01% | 2006-05-22 | 2026-04-16 |
| CVE-2005-0546 | Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd. | [email protected] | 7.5 | 1.82% | 2005-05-02 | 2026-04-16 |