csaf_opensuse - opensuse-su-2024:10015-1

opensuse-su-2024:10015-1

Vulnerability from csaf_opensuse

Published

2024-06-15 00:00

Modified

2024-06-15 00:00

Summary

cyradm-2.4.18-3.4 on GA media

Notes

Title of the patch

cyradm-2.4.18-3.4 on GA media

Description of the patch

These are all security issues fixed in the cyradm-2.4.18-3.4 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-10015

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "cyradm-2.4.18-3.4 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the cyradm-2.4.18-3.4 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10015",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10015-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2009-3235 page",
        "url": "https://www.suse.com/security/cve/CVE-2009-3235/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2011-3372 page",
        "url": "https://www.suse.com/security/cve/CVE-2011-3372/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-8077 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-8077/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-8078 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-8078/"
      }
    ],
    "title": "cyradm-2.4.18-3.4 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10015-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cyradm-2.4.18-3.4.aarch64",
                "product": {
                  "name": "cyradm-2.4.18-3.4.aarch64",
                  "product_id": "cyradm-2.4.18-3.4.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "cyrus-imapd-2.4.18-3.4.aarch64",
                "product": {
                  "name": "cyrus-imapd-2.4.18-3.4.aarch64",
                  "product_id": "cyrus-imapd-2.4.18-3.4.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "cyrus-imapd-devel-2.4.18-3.4.aarch64",
                "product": {
                  "name": "cyrus-imapd-devel-2.4.18-3.4.aarch64",
                  "product_id": "cyrus-imapd-devel-2.4.18-3.4.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "cyrus-imapd-snmp-2.4.18-3.4.aarch64",
                "product": {
                  "name": "cyrus-imapd-snmp-2.4.18-3.4.aarch64",
                  "product_id": "cyrus-imapd-snmp-2.4.18-3.4.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "cyrus-imapd-snmp-mibs-2.4.18-3.4.aarch64",
                "product": {
                  "name": "cyrus-imapd-snmp-mibs-2.4.18-3.4.aarch64",
                  "product_id": "cyrus-imapd-snmp-mibs-2.4.18-3.4.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "cyrus-imapd-utils-2.4.18-3.4.aarch64",
                "product": {
                  "name": "cyrus-imapd-utils-2.4.18-3.4.aarch64",
                  "product_id": "cyrus-imapd-utils-2.4.18-3.4.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "perl-Cyrus-IMAP-2.4.18-3.4.aarch64",
                "product": {
                  "name": "perl-Cyrus-IMAP-2.4.18-3.4.aarch64",
                  "product_id": "perl-Cyrus-IMAP-2.4.18-3.4.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.aarch64",
                "product": {
                  "name": "perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.aarch64",
                  "product_id": "perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cyradm-2.4.18-3.4.ppc64le",
                "product": {
                  "name": "cyradm-2.4.18-3.4.ppc64le",
                  "product_id": "cyradm-2.4.18-3.4.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "cyrus-imapd-2.4.18-3.4.ppc64le",
                "product": {
                  "name": "cyrus-imapd-2.4.18-3.4.ppc64le",
                  "product_id": "cyrus-imapd-2.4.18-3.4.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "cyrus-imapd-devel-2.4.18-3.4.ppc64le",
                "product": {
                  "name": "cyrus-imapd-devel-2.4.18-3.4.ppc64le",
                  "product_id": "cyrus-imapd-devel-2.4.18-3.4.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "cyrus-imapd-snmp-2.4.18-3.4.ppc64le",
                "product": {
                  "name": "cyrus-imapd-snmp-2.4.18-3.4.ppc64le",
                  "product_id": "cyrus-imapd-snmp-2.4.18-3.4.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "cyrus-imapd-snmp-mibs-2.4.18-3.4.ppc64le",
                "product": {
                  "name": "cyrus-imapd-snmp-mibs-2.4.18-3.4.ppc64le",
                  "product_id": "cyrus-imapd-snmp-mibs-2.4.18-3.4.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "cyrus-imapd-utils-2.4.18-3.4.ppc64le",
                "product": {
                  "name": "cyrus-imapd-utils-2.4.18-3.4.ppc64le",
                  "product_id": "cyrus-imapd-utils-2.4.18-3.4.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "perl-Cyrus-IMAP-2.4.18-3.4.ppc64le",
                "product": {
                  "name": "perl-Cyrus-IMAP-2.4.18-3.4.ppc64le",
                  "product_id": "perl-Cyrus-IMAP-2.4.18-3.4.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.ppc64le",
                "product": {
                  "name": "perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.ppc64le",
                  "product_id": "perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cyradm-2.4.18-3.4.s390x",
                "product": {
                  "name": "cyradm-2.4.18-3.4.s390x",
                  "product_id": "cyradm-2.4.18-3.4.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "cyrus-imapd-2.4.18-3.4.s390x",
                "product": {
                  "name": "cyrus-imapd-2.4.18-3.4.s390x",
                  "product_id": "cyrus-imapd-2.4.18-3.4.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "cyrus-imapd-devel-2.4.18-3.4.s390x",
                "product": {
                  "name": "cyrus-imapd-devel-2.4.18-3.4.s390x",
                  "product_id": "cyrus-imapd-devel-2.4.18-3.4.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "cyrus-imapd-snmp-2.4.18-3.4.s390x",
                "product": {
                  "name": "cyrus-imapd-snmp-2.4.18-3.4.s390x",
                  "product_id": "cyrus-imapd-snmp-2.4.18-3.4.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "cyrus-imapd-snmp-mibs-2.4.18-3.4.s390x",
                "product": {
                  "name": "cyrus-imapd-snmp-mibs-2.4.18-3.4.s390x",
                  "product_id": "cyrus-imapd-snmp-mibs-2.4.18-3.4.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "cyrus-imapd-utils-2.4.18-3.4.s390x",
                "product": {
                  "name": "cyrus-imapd-utils-2.4.18-3.4.s390x",
                  "product_id": "cyrus-imapd-utils-2.4.18-3.4.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "perl-Cyrus-IMAP-2.4.18-3.4.s390x",
                "product": {
                  "name": "perl-Cyrus-IMAP-2.4.18-3.4.s390x",
                  "product_id": "perl-Cyrus-IMAP-2.4.18-3.4.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.s390x",
                "product": {
                  "name": "perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.s390x",
                  "product_id": "perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cyradm-2.4.18-3.4.x86_64",
                "product": {
                  "name": "cyradm-2.4.18-3.4.x86_64",
                  "product_id": "cyradm-2.4.18-3.4.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cyrus-imapd-2.4.18-3.4.x86_64",
                "product": {
                  "name": "cyrus-imapd-2.4.18-3.4.x86_64",
                  "product_id": "cyrus-imapd-2.4.18-3.4.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cyrus-imapd-devel-2.4.18-3.4.x86_64",
                "product": {
                  "name": "cyrus-imapd-devel-2.4.18-3.4.x86_64",
                  "product_id": "cyrus-imapd-devel-2.4.18-3.4.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cyrus-imapd-snmp-2.4.18-3.4.x86_64",
                "product": {
                  "name": "cyrus-imapd-snmp-2.4.18-3.4.x86_64",
                  "product_id": "cyrus-imapd-snmp-2.4.18-3.4.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cyrus-imapd-snmp-mibs-2.4.18-3.4.x86_64",
                "product": {
                  "name": "cyrus-imapd-snmp-mibs-2.4.18-3.4.x86_64",
                  "product_id": "cyrus-imapd-snmp-mibs-2.4.18-3.4.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "cyrus-imapd-utils-2.4.18-3.4.x86_64",
                "product": {
                  "name": "cyrus-imapd-utils-2.4.18-3.4.x86_64",
                  "product_id": "cyrus-imapd-utils-2.4.18-3.4.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "perl-Cyrus-IMAP-2.4.18-3.4.x86_64",
                "product": {
                  "name": "perl-Cyrus-IMAP-2.4.18-3.4.x86_64",
                  "product_id": "perl-Cyrus-IMAP-2.4.18-3.4.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.x86_64",
                "product": {
                  "name": "perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.x86_64",
                  "product_id": "perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cyradm-2.4.18-3.4.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cyradm-2.4.18-3.4.aarch64"
        },
        "product_reference": "cyradm-2.4.18-3.4.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cyradm-2.4.18-3.4.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cyradm-2.4.18-3.4.ppc64le"
        },
        "product_reference": "cyradm-2.4.18-3.4.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cyradm-2.4.18-3.4.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cyradm-2.4.18-3.4.s390x"
        },
        "product_reference": "cyradm-2.4.18-3.4.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cyradm-2.4.18-3.4.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cyradm-2.4.18-3.4.x86_64"
        },
        "product_reference": "cyradm-2.4.18-3.4.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cyrus-imapd-2.4.18-3.4.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.aarch64"
        },
        "product_reference": "cyrus-imapd-2.4.18-3.4.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cyrus-imapd-2.4.18-3.4.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.ppc64le"
        },
        "product_reference": "cyrus-imapd-2.4.18-3.4.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cyrus-imapd-2.4.18-3.4.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.s390x"
        },
        "product_reference": "cyrus-imapd-2.4.18-3.4.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cyrus-imapd-2.4.18-3.4.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.x86_64"
        },
        "product_reference": "cyrus-imapd-2.4.18-3.4.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cyrus-imapd-devel-2.4.18-3.4.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.aarch64"
        },
        "product_reference": "cyrus-imapd-devel-2.4.18-3.4.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cyrus-imapd-devel-2.4.18-3.4.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.ppc64le"
        },
        "product_reference": "cyrus-imapd-devel-2.4.18-3.4.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cyrus-imapd-devel-2.4.18-3.4.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.s390x"
        },
        "product_reference": "cyrus-imapd-devel-2.4.18-3.4.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cyrus-imapd-devel-2.4.18-3.4.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.x86_64"
        },
        "product_reference": "cyrus-imapd-devel-2.4.18-3.4.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cyrus-imapd-snmp-2.4.18-3.4.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.aarch64"
        },
        "product_reference": "cyrus-imapd-snmp-2.4.18-3.4.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cyrus-imapd-snmp-2.4.18-3.4.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.ppc64le"
        },
        "product_reference": "cyrus-imapd-snmp-2.4.18-3.4.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cyrus-imapd-snmp-2.4.18-3.4.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.s390x"
        },
        "product_reference": "cyrus-imapd-snmp-2.4.18-3.4.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cyrus-imapd-snmp-2.4.18-3.4.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.x86_64"
        },
        "product_reference": "cyrus-imapd-snmp-2.4.18-3.4.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cyrus-imapd-snmp-mibs-2.4.18-3.4.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.aarch64"
        },
        "product_reference": "cyrus-imapd-snmp-mibs-2.4.18-3.4.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cyrus-imapd-snmp-mibs-2.4.18-3.4.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.ppc64le"
        },
        "product_reference": "cyrus-imapd-snmp-mibs-2.4.18-3.4.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cyrus-imapd-snmp-mibs-2.4.18-3.4.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.s390x"
        },
        "product_reference": "cyrus-imapd-snmp-mibs-2.4.18-3.4.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cyrus-imapd-snmp-mibs-2.4.18-3.4.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.x86_64"
        },
        "product_reference": "cyrus-imapd-snmp-mibs-2.4.18-3.4.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cyrus-imapd-utils-2.4.18-3.4.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.aarch64"
        },
        "product_reference": "cyrus-imapd-utils-2.4.18-3.4.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cyrus-imapd-utils-2.4.18-3.4.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.ppc64le"
        },
        "product_reference": "cyrus-imapd-utils-2.4.18-3.4.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cyrus-imapd-utils-2.4.18-3.4.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.s390x"
        },
        "product_reference": "cyrus-imapd-utils-2.4.18-3.4.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cyrus-imapd-utils-2.4.18-3.4.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.x86_64"
        },
        "product_reference": "cyrus-imapd-utils-2.4.18-3.4.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Cyrus-IMAP-2.4.18-3.4.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.aarch64"
        },
        "product_reference": "perl-Cyrus-IMAP-2.4.18-3.4.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Cyrus-IMAP-2.4.18-3.4.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.ppc64le"
        },
        "product_reference": "perl-Cyrus-IMAP-2.4.18-3.4.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Cyrus-IMAP-2.4.18-3.4.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.s390x"
        },
        "product_reference": "perl-Cyrus-IMAP-2.4.18-3.4.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Cyrus-IMAP-2.4.18-3.4.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.x86_64"
        },
        "product_reference": "perl-Cyrus-IMAP-2.4.18-3.4.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.aarch64"
        },
        "product_reference": "perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.ppc64le"
        },
        "product_reference": "perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.s390x"
        },
        "product_reference": "perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.x86_64"
        },
        "product_reference": "perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-3235",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2009-3235"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:cyradm-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:cyradm-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:cyradm-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:cyradm-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2009-3235",
          "url": "https://www.suse.com/security/cve/CVE-2009-3235"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 539876 for CVE-2009-3235",
          "url": "https://bugzilla.suse.com/539876"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 539877 for CVE-2009-3235",
          "url": "https://bugzilla.suse.com/539877"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:cyradm-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:cyradm-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:cyradm-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:cyradm-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2009-3235"
    },
    {
      "cve": "CVE-2011-3372",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2011-3372"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:cyradm-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:cyradm-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:cyradm-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:cyradm-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2011-3372",
          "url": "https://www.suse.com/security/cve/CVE-2011-3372"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 719998 for CVE-2011-3372",
          "url": "https://bugzilla.suse.com/719998"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:cyradm-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:cyradm-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:cyradm-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:cyradm-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2011-3372"
    },
    {
      "cve": "CVE-2015-8077",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-8077"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:cyradm-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:cyradm-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:cyradm-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:cyradm-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-8077",
          "url": "https://www.suse.com/security/cve/CVE-2015-8077"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 954200 for CVE-2015-8077",
          "url": "https://bugzilla.suse.com/954200"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 954201 for CVE-2015-8077",
          "url": "https://bugzilla.suse.com/954201"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 981670 for CVE-2015-8077",
          "url": "https://bugzilla.suse.com/981670"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:cyradm-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:cyradm-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:cyradm-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:cyradm-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2015-8077"
    },
    {
      "cve": "CVE-2015-8078",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-8078"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:cyradm-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:cyradm-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:cyradm-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:cyradm-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.x86_64",
          "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.aarch64",
          "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.ppc64le",
          "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.s390x",
          "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-8078",
          "url": "https://www.suse.com/security/cve/CVE-2015-8078"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 954201 for CVE-2015-8078",
          "url": "https://bugzilla.suse.com/954201"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 981670 for CVE-2015-8078",
          "url": "https://bugzilla.suse.com/981670"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:cyradm-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:cyradm-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:cyradm-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:cyradm-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:cyrus-imapd-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:cyrus-imapd-devel-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:cyrus-imapd-snmp-mibs-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:cyrus-imapd-utils-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:perl-Cyrus-IMAP-2.4.18-3.4.x86_64",
            "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.aarch64",
            "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.ppc64le",
            "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.s390x",
            "openSUSE Tumbleweed:perl-Cyrus-SIEVE-managesieve-2.4.18-3.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2015-8078"
    }
  ]
}

CVE-2011-3372 (GCVE-0-2011-3372)

Vulnerability from cvelistv5

Published

2011-12-24 19:00

Modified

2024-09-17 00:45

Severity ?

CWE

Summary

imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.

References

URL

Tags

	http://cyrusimap.org/mediawiki/index.php/Latest_Updates	x_refsource_CONFIRM
	https://bugzilla.redhat.com/show_bug.cgi?id=740822	x_refsource_CONFIRM
	http://www.redhat.com/support/errata/RHSA-2011-1508.html	vendor-advisory, x_refsource_REDHAT
	http://www.mandriva.com/security/advisories?name=MDVSA-2011:149	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/46093	third-party-advisory, x_refsource_SECUNIA
	http://git.cyrusimap.org/cyrus-imapd/commit/?id=77903669e04c9788460561dd0560b9c916519594	x_refsource_CONFIRM
	http://securitytracker.com/id?1026363	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/secunia_research/2011-68	x_refsource_MISC
	http://www.debian.org/security/2011/dsa-2318	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T23:29:56.895Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cyrusimap.org/mediawiki/index.php/Latest_Updates"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=740822"
          },
          {
            "name": "RHSA-2011:1508",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2011-1508.html"
          },
          {
            "name": "MDVSA-2011:149",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:149"
          },
          {
            "name": "46093",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/46093"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=77903669e04c9788460561dd0560b9c916519594"
          },
          {
            "name": "1026363",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1026363"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://secunia.com/secunia_research/2011-68"
          },
          {
            "name": "DSA-2318",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2011/dsa-2318"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2011-12-24T19:00:00Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cyrusimap.org/mediawiki/index.php/Latest_Updates"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=740822"
        },
        {
          "name": "RHSA-2011:1508",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2011-1508.html"
        },
        {
          "name": "MDVSA-2011:149",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:149"
        },
        {
          "name": "46093",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/46093"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=77903669e04c9788460561dd0560b9c916519594"
        },
        {
          "name": "1026363",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1026363"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://secunia.com/secunia_research/2011-68"
        },
        {
          "name": "DSA-2318",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2011/dsa-2318"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2011-3372",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://cyrusimap.org/mediawiki/index.php/Latest_Updates",
              "refsource": "CONFIRM",
              "url": "http://cyrusimap.org/mediawiki/index.php/Latest_Updates"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=740822",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=740822"
            },
            {
              "name": "RHSA-2011:1508",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2011-1508.html"
            },
            {
              "name": "MDVSA-2011:149",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:149"
            },
            {
              "name": "46093",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/46093"
            },
            {
              "name": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=77903669e04c9788460561dd0560b9c916519594",
              "refsource": "CONFIRM",
              "url": "http://git.cyrusimap.org/cyrus-imapd/commit/?id=77903669e04c9788460561dd0560b9c916519594"
            },
            {
              "name": "1026363",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1026363"
            },
            {
              "name": "http://secunia.com/secunia_research/2011-68",
              "refsource": "MISC",
              "url": "http://secunia.com/secunia_research/2011-68"
            },
            {
              "name": "DSA-2318",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2011/dsa-2318"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2011-3372",
    "datePublished": "2011-12-24T19:00:00Z",
    "dateReserved": "2011-08-30T00:00:00Z",
    "dateUpdated": "2024-09-17T00:45:46.502Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8078 (GCVE-0-2015-8078)

Vulnerability from cvelistv5

Published

2015-12-03 20:00

Modified

2024-08-06 08:06

Severity ?

CWE

Summary

Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.

References

URL

Tags

	https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.7.html	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2015/11/04/3	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-updates/2015-11/msg00156.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html	vendor-advisory, x_refsource_SUSE
	http://www.securitytracker.com/id/1034282	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html	vendor-advisory, x_refsource_SUSE
	https://cyrus.foundation/cyrus-imapd/commit/?id=6fb6a272171f49c79ba6ab7c6403eb25b39ec1b2	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:06:31.833Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.7.html"
          },
          {
            "name": "[oss-security] 20151104 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/11/04/3"
          },
          {
            "name": "openSUSE-SU-2015:2130",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00156.html"
          },
          {
            "name": "SUSE-SU-2016:1459",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html"
          },
          {
            "name": "1034282",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034282"
          },
          {
            "name": "SUSE-SU-2016:1457",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=6fb6a272171f49c79ba6ab7c6403eb25b39ec1b2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-10-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-13T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.7.html"
        },
        {
          "name": "[oss-security] 20151104 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/11/04/3"
        },
        {
          "name": "openSUSE-SU-2015:2130",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00156.html"
        },
        {
          "name": "SUSE-SU-2016:1459",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html"
        },
        {
          "name": "1034282",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034282"
        },
        {
          "name": "SUSE-SU-2016:1457",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=6fb6a272171f49c79ba6ab7c6403eb25b39ec1b2"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-8078",
    "datePublished": "2015-12-03T20:00:00",
    "dateReserved": "2015-11-04T00:00:00",
    "dateUpdated": "2024-08-06T08:06:31.833Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-3235 (GCVE-0-2009-3235)

Vulnerability from cvelistv5

Published

2009-09-17 10:00

Modified

2024-08-07 06:22

Severity ?

CWE

Summary

Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632.

References

URL

Tags

	http://www.securityfocus.com/bid/36377	vdb-entry, x_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilities/53248	vdb-entry, x_refsource_XF
	http://secunia.com/advisories/36713	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html	vendor-advisory, x_refsource_SUSE
	http://dovecot.org/list/dovecot-news/2009-September/000135.html	mailing-list, x_refsource_MLIST
	http://www.ubuntu.com/usn/USN-838-1	vendor-advisory, x_refsource_UBUNTU
	http://www.osvdb.org/58103	vdb-entry, x_refsource_OSVDB
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10515	vdb-entry, signature, x_refsource_OVAL
	http://www.vupen.com/english/advisories/2009/3184	vdb-entry, x_refsource_VUPEN
	http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/36904	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/36698	third-party-advisory, x_refsource_SECUNIA
	http://www.vupen.com/english/advisories/2009/2641	vdb-entry, x_refsource_VUPEN
	http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html	vendor-advisory, x_refsource_APPLE
	https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html	vendor-advisory, x_refsource_FEDORA
	http://www.openwall.com/lists/oss-security/2009/09/14/3	mailing-list, x_refsource_MLIST
	http://support.apple.com/kb/HT3937	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:22:23.176Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "36377",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/36377"
          },
          {
            "name": "cmu-sieve-dovecot-unspecified-bo(53248)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53248"
          },
          {
            "name": "36713",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36713"
          },
          {
            "name": "SUSE-SR:2009:018",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
          },
          {
            "name": "[Dovecot-news] 20090914 Security holes in CMU Sieve plugin",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://dovecot.org/list/dovecot-news/2009-September/000135.html"
          },
          {
            "name": "USN-838-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-838-1"
          },
          {
            "name": "58103",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/58103"
          },
          {
            "name": "oval:org.mitre.oval:def:10515",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10515"
          },
          {
            "name": "ADV-2009-3184",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3184"
          },
          {
            "name": "SUSE-SR:2009:016",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
          },
          {
            "name": "36904",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36904"
          },
          {
            "name": "36698",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/36698"
          },
          {
            "name": "ADV-2009-2641",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/2641"
          },
          {
            "name": "APPLE-SA-2009-11-09-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
          },
          {
            "name": "FEDORA-2009-9559",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html"
          },
          {
            "name": "[oss-security] 20090914 Re: CVE for recent cyrus-imap issue",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/09/14/3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3937"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-09-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-18T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "36377",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/36377"
        },
        {
          "name": "cmu-sieve-dovecot-unspecified-bo(53248)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53248"
        },
        {
          "name": "36713",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36713"
        },
        {
          "name": "SUSE-SR:2009:018",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
        },
        {
          "name": "[Dovecot-news] 20090914 Security holes in CMU Sieve plugin",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://dovecot.org/list/dovecot-news/2009-September/000135.html"
        },
        {
          "name": "USN-838-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-838-1"
        },
        {
          "name": "58103",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/58103"
        },
        {
          "name": "oval:org.mitre.oval:def:10515",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10515"
        },
        {
          "name": "ADV-2009-3184",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3184"
        },
        {
          "name": "SUSE-SR:2009:016",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
        },
        {
          "name": "36904",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36904"
        },
        {
          "name": "36698",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/36698"
        },
        {
          "name": "ADV-2009-2641",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/2641"
        },
        {
          "name": "APPLE-SA-2009-11-09-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
        },
        {
          "name": "FEDORA-2009-9559",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html"
        },
        {
          "name": "[oss-security] 20090914 Re: CVE for recent cyrus-imap issue",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/09/14/3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3937"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3235",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple stack-based buffer overflows in the Sieve plugin in Dovecot 1.0 before 1.0.4 and 1.1 before 1.1.7, as derived from Cyrus libsieve, allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SIEVE script, as demonstrated by forwarding an e-mail message to a large number of recipients, a different vulnerability than CVE-2009-2632."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "36377",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/36377"
            },
            {
              "name": "cmu-sieve-dovecot-unspecified-bo(53248)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53248"
            },
            {
              "name": "36713",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36713"
            },
            {
              "name": "SUSE-SR:2009:018",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
            },
            {
              "name": "[Dovecot-news] 20090914 Security holes in CMU Sieve plugin",
              "refsource": "MLIST",
              "url": "http://dovecot.org/list/dovecot-news/2009-September/000135.html"
            },
            {
              "name": "USN-838-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-838-1"
            },
            {
              "name": "58103",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/58103"
            },
            {
              "name": "oval:org.mitre.oval:def:10515",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10515"
            },
            {
              "name": "ADV-2009-3184",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/3184"
            },
            {
              "name": "SUSE-SR:2009:016",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
            },
            {
              "name": "36904",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36904"
            },
            {
              "name": "36698",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/36698"
            },
            {
              "name": "ADV-2009-2641",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2009/2641"
            },
            {
              "name": "APPLE-SA-2009-11-09-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
            },
            {
              "name": "FEDORA-2009-9559",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00491.html"
            },
            {
              "name": "[oss-security] 20090914 Re: CVE for recent cyrus-imap issue",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/09/14/3"
            },
            {
              "name": "http://support.apple.com/kb/HT3937",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3937"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3235",
    "datePublished": "2009-09-17T10:00:00",
    "dateReserved": "2009-09-16T00:00:00",
    "dateUpdated": "2024-08-07T06:22:23.176Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-8077 (GCVE-0-2015-8077)

Vulnerability from cvelistv5

Published

2015-12-03 20:00

Modified

2024-08-06 08:06

Severity ?

CWE

Summary

Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.

References

URL

Tags

	https://lists.andrew.cmu.edu/pipermail/cyrus-devel/2015-October/003534.html	mailing-list, x_refsource_MLIST
	https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.7.html	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2015/11/04/3	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/09/30/3	mailing-list, x_refsource_MLIST
	http://lists.opensuse.org/opensuse-updates/2015-11/msg00156.html	vendor-advisory, x_refsource_SUSE
	https://cyrus.foundation/cyrus-imapd/commit/?id=745e161c834f1eb6d62fc14477f51dae799e1e08	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html	vendor-advisory, x_refsource_SUSE
	http://www.securitytracker.com/id/1034282	vdb-entry, x_refsource_SECTRACK
	http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html	vendor-advisory, x_refsource_SUSE
	http://lists.opensuse.org/opensuse-updates/2015-12/msg00015.html	vendor-advisory, x_refsource_SUSE

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T08:06:31.903Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[Cyrus-devel] 20151005 Recent security fixes",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.andrew.cmu.edu/pipermail/cyrus-devel/2015-October/003534.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.7.html"
          },
          {
            "name": "[oss-security] 20151104 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/11/04/3"
          },
          {
            "name": "[oss-security] 20150930 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/09/30/3"
          },
          {
            "name": "openSUSE-SU-2015:2130",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00156.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=745e161c834f1eb6d62fc14477f51dae799e1e08"
          },
          {
            "name": "SUSE-SU-2016:1459",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html"
          },
          {
            "name": "1034282",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034282"
          },
          {
            "name": "SUSE-SU-2016:1457",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html"
          },
          {
            "name": "openSUSE-SU-2015:2200",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00015.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-09-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-13T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[Cyrus-devel] 20151005 Recent security fixes",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.andrew.cmu.edu/pipermail/cyrus-devel/2015-October/003534.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.7.html"
        },
        {
          "name": "[oss-security] 20151104 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/11/04/3"
        },
        {
          "name": "[oss-security] 20150930 Re: CVE request: urlfetch range handling flaw in Cyrus IMAP",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/09/30/3"
        },
        {
          "name": "openSUSE-SU-2015:2130",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00156.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cyrus.foundation/cyrus-imapd/commit/?id=745e161c834f1eb6d62fc14477f51dae799e1e08"
        },
        {
          "name": "SUSE-SU-2016:1459",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00000.html"
        },
        {
          "name": "1034282",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034282"
        },
        {
          "name": "SUSE-SU-2016:1457",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00066.html"
        },
        {
          "name": "openSUSE-SU-2015:2200",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00015.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-8077",
    "datePublished": "2015-12-03T20:00:00",
    "dateReserved": "2015-11-04T00:00:00",
    "dateUpdated": "2024-08-06T08:06:31.903Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

opensuse-su-2024:10015-1

Vulnerability from csaf_opensuse

CVE-2011-3372 (GCVE-0-2011-3372)

Vulnerability from cvelistv5

CVE-2015-8078 (GCVE-0-2015-8078)

Vulnerability from cvelistv5

CVE-2009-3235 (GCVE-0-2009-3235)

Vulnerability from cvelistv5

CVE-2015-8077 (GCVE-0-2015-8077)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature