Search CVE reports
401 – 410 of 36525 results
In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation...
1 affected package
roundcube
| Package | 24.04 LTS |
|---|---|
| roundcube | Needs evaluation |
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. (Support for code evaluation has been removed in 1.6.16 and 1.7.1.)
1 affected package
roundcube
| Package | 24.04 LTS |
|---|---|
| roundcube | Needs evaluation |
Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links...
1 affected package
roundcube
| Package | 24.04 LTS |
|---|---|
| roundcube | Needs evaluation |
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuser_query plugin via a preg_replace() backslash escape bypass.
1 affected package
roundcube
| Package | 24.04 LTS |
|---|---|
| roundcube | Needs evaluation |
Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability...
19 affected packages
rustc, rustc-1.62, rustc-1.74, rustc-1.76, rustc-1.77...
| Package | 24.04 LTS |
|---|---|
| rustc | Needs evaluation |
| rustc-1.62 | Not in release |
| rustc-1.74 | Needs evaluation |
| rustc-1.76 | Needs evaluation |
| rustc-1.77 | Needs evaluation |
| rustc-1.78 | Needs evaluation |
| rustc-1.79 | Needs evaluation |
| rustc-1.80 | Needs evaluation |
| rustc-1.81 | Needs evaluation |
| rustc-1.82 | Needs evaluation |
| rustc-1.83 | Needs evaluation |
| rustc-1.84 | Needs evaluation |
| rustc-1.85 | Needs evaluation |
| rustc-1.88 | Not in release |
| rustc-1.89 | Needs evaluation |
| rustc-1.91 | Needs evaluation |
| rustc-1.92 | Not in release |
| rustc-1.93 | Not in release |
| cargo | Not in release |
Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an...
19 affected packages
rustc, rustc-1.62, rustc-1.74, rustc-1.76, rustc-1.77...
| Package | 24.04 LTS |
|---|---|
| rustc | Needs evaluation |
| rustc-1.62 | Not in release |
| rustc-1.74 | Needs evaluation |
| rustc-1.76 | Needs evaluation |
| rustc-1.77 | Needs evaluation |
| rustc-1.78 | Needs evaluation |
| rustc-1.79 | Needs evaluation |
| rustc-1.80 | Needs evaluation |
| rustc-1.81 | Needs evaluation |
| rustc-1.82 | Needs evaluation |
| rustc-1.83 | Needs evaluation |
| rustc-1.84 | Needs evaluation |
| rustc-1.85 | Needs evaluation |
| rustc-1.88 | Not in release |
| rustc-1.89 | Needs evaluation |
| rustc-1.91 | Needs evaluation |
| rustc-1.92 | Not in release |
| rustc-1.93 | Not in release |
| cargo | Not in release |
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability.
1 affected package
spip
| Package | 24.04 LTS |
|---|---|
| spip | Needs evaluation |
Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the...
1 affected package
wine
| Package | 24.04 LTS |
|---|---|
| wine | Needs evaluation |
A vulnerability has been found in Ettercap up to 0.8.3. The affected element is the function FUNC_DECODER of the file src/dissectors/ec_gg.c of the component GG Dissector. The manipulation of the argument gg leads to heap-based...
1 affected package
ettercap
| Package | 24.04 LTS |
|---|---|
| ettercap | Needs evaluation |
In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c.
1 affected package
gsasl
| Package | 24.04 LTS |
|---|---|
| gsasl | Needs evaluation |