Search CVE reports
381 – 390 of 40688 results
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var() value in an e-mail message, which may lead to information disclosure or access-control bypass.
1 affected package
roundcube
| Package | 20.04 LTS |
|---|---|
| roundcube | Needs evaluation |
In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation...
1 affected package
roundcube
| Package | 20.04 LTS |
|---|---|
| roundcube | Needs evaluation |
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. (Support for code evaluation has been removed in 1.6.16 and 1.7.1.)
1 affected package
roundcube
| Package | 20.04 LTS |
|---|---|
| roundcube | Needs evaluation |
Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links...
1 affected package
roundcube
| Package | 20.04 LTS |
|---|---|
| roundcube | Needs evaluation |
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuser_query plugin via a preg_replace() backslash escape bypass.
1 affected package
roundcube
| Package | 20.04 LTS |
|---|---|
| roundcube | Needs evaluation |
Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability...
19 affected packages
rustc, rustc-1.62, rustc-1.74, rustc-1.76, rustc-1.77...
| Package | 20.04 LTS |
|---|---|
| rustc | Needs evaluation |
| rustc-1.62 | — |
| rustc-1.74 | — |
| rustc-1.76 | Needs evaluation |
| rustc-1.77 | Needs evaluation |
| rustc-1.78 | Needs evaluation |
| rustc-1.79 | Needs evaluation |
| rustc-1.80 | Needs evaluation |
| rustc-1.81 | — |
| rustc-1.82 | — |
| rustc-1.83 | — |
| rustc-1.84 | — |
| rustc-1.85 | — |
| rustc-1.88 | — |
| rustc-1.89 | — |
| rustc-1.91 | — |
| rustc-1.92 | — |
| rustc-1.93 | — |
| cargo | Needs evaluation |
Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an...
19 affected packages
rustc, rustc-1.62, rustc-1.74, rustc-1.76, rustc-1.77...
| Package | 20.04 LTS |
|---|---|
| rustc | Needs evaluation |
| rustc-1.62 | — |
| rustc-1.74 | — |
| rustc-1.76 | Needs evaluation |
| rustc-1.77 | Needs evaluation |
| rustc-1.78 | Needs evaluation |
| rustc-1.79 | Needs evaluation |
| rustc-1.80 | Needs evaluation |
| rustc-1.81 | — |
| rustc-1.82 | — |
| rustc-1.83 | — |
| rustc-1.84 | — |
| rustc-1.85 | — |
| rustc-1.88 | — |
| rustc-1.89 | — |
| rustc-1.91 | — |
| rustc-1.92 | — |
| rustc-1.93 | — |
| cargo | Needs evaluation |
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability.
1 affected package
spip
| Package | 20.04 LTS |
|---|---|
| spip | Needs evaluation |
Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the...
1 affected package
wine
| Package | 20.04 LTS |
|---|---|
| wine | Needs evaluation |
A vulnerability has been found in Ettercap up to 0.8.3. The affected element is the function FUNC_DECODER of the file src/dissectors/ec_gg.c of the component GG Dissector. The manipulation of the argument gg leads to heap-based...
1 affected package
ettercap
| Package | 20.04 LTS |
|---|---|
| ettercap | Needs evaluation |