Search CVE reports
931 – 940 of 36525 results
Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imap_acl_allow_anyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam...
1 affected package
dovecot
| Package | 24.04 LTS |
|---|---|
| dovecot | Needs evaluation |
Attacker can upload a malicious Sieve script over ManageSieve service (or locally) to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and...
1 affected package
dovecot
| Package | 24.04 LTS |
|---|---|
| dovecot | Needs evaluation |
Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the client connection....
1 affected package
dovecot
| Package | 24.04 LTS |
|---|---|
| dovecot | Needs evaluation |
When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be unescaped. This can enable SQL / LDAP injection attacks when used in...
1 affected package
dovecot
| Package | 24.04 LTS |
|---|---|
| dovecot | Not affected |
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a...
1 affected package
exim4
| Package | 24.04 LTS |
|---|---|
| exim4 | Fixed |
Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 24.04 LTS |
|---|---|
| dotnet6 | Not in release |
| dotnet7 | Not in release |
| dotnet8 | Fixed |
| dotnet9 | Not in release |
| dotnet10 | Fixed |
Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 24.04 LTS |
|---|---|
| dotnet6 | Not in release |
| dotnet7 | Not in release |
| dotnet8 | Not affected |
| dotnet9 | Not in release |
| dotnet10 | Not affected |
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 24.04 LTS |
|---|---|
| dotnet6 | Not in release |
| dotnet7 | Not in release |
| dotnet8 | Not affected |
| dotnet9 | Not in release |
| dotnet10 | Not affected |
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable...
5 affected packages
dotnet6, dotnet7, dotnet8, dotnet9, dotnet10
| Package | 24.04 LTS |
|---|---|
| dotnet6 | Not in release |
| dotnet7 | Not in release |
| dotnet8 | Not affected |
| dotnet9 | Not in release |
| dotnet10 | Not affected |
Wireshark MCP is an MCP Server that turns tshark into a structured analysis interface, then layers in optional Wireshark suite utilities. In 1.1.5 and earlier, wireshark-mcp exposes a wireshark_export_objects MCP tool that accepts...
1 affected package
wireshark
| Package | 24.04 LTS |
|---|---|
| wireshark | Needs evaluation |