Search CVE reports
701 – 710 of 36830 results
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass.
1 affected package
roundcube
| Package | 24.04 LTS |
|---|---|
| roundcube | Needs evaluation |
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var() value in an e-mail message, which may lead to information disclosure or access-control bypass.
1 affected package
roundcube
| Package | 24.04 LTS |
|---|---|
| roundcube | Needs evaluation |
In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation...
1 affected package
roundcube
| Package | 24.04 LTS |
|---|---|
| roundcube | Needs evaluation |
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in the LDAP autovalues option that could lead to code injection. (Support for code evaluation has been removed in 1.6.16 and 1.7.1.)
1 affected package
roundcube
| Package | 24.04 LTS |
|---|---|
| roundcube | Needs evaluation |
Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16, and 1.7.x before 1.7.1, has insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages, which may lead to SSRF or information disclosure, e.g., if stylesheet links...
1 affected package
roundcube
| Package | 24.04 LTS |
|---|---|
| roundcube | Needs evaluation |
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has a pre-authentication SQL injection in the virtuser_query plugin via a preg_replace() backslash escape bypass.
1 affected package
roundcube
| Package | 24.04 LTS |
|---|---|
| roundcube | Needs evaluation |
Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability...
19 affected packages
rustc, rustc-1.62, rustc-1.74, rustc-1.76, rustc-1.77...
| Package | 24.04 LTS |
|---|---|
| rustc | Needs evaluation |
| rustc-1.62 | Not in release |
| rustc-1.74 | Needs evaluation |
| rustc-1.76 | Needs evaluation |
| rustc-1.77 | Needs evaluation |
| rustc-1.78 | Needs evaluation |
| rustc-1.79 | Needs evaluation |
| rustc-1.80 | Needs evaluation |
| rustc-1.81 | Needs evaluation |
| rustc-1.82 | Needs evaluation |
| rustc-1.83 | Needs evaluation |
| rustc-1.84 | Needs evaluation |
| rustc-1.85 | Needs evaluation |
| rustc-1.88 | Not in release |
| rustc-1.89 | Needs evaluation |
| rustc-1.91 | Needs evaluation |
| rustc-1.92 | Not in release |
| rustc-1.93 | Not in release |
| cargo | Not in release |
Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol. If a hosting provider allowed multiple registries to be hosted with arbitrary names within the same domain, an...
19 affected packages
rustc, rustc-1.62, rustc-1.74, rustc-1.76, rustc-1.77...
| Package | 24.04 LTS |
|---|---|
| rustc | Needs evaluation |
| rustc-1.62 | Not in release |
| rustc-1.74 | Needs evaluation |
| rustc-1.76 | Needs evaluation |
| rustc-1.77 | Needs evaluation |
| rustc-1.78 | Needs evaluation |
| rustc-1.79 | Needs evaluation |
| rustc-1.80 | Needs evaluation |
| rustc-1.81 | Needs evaluation |
| rustc-1.82 | Needs evaluation |
| rustc-1.83 | Needs evaluation |
| rustc-1.84 | Needs evaluation |
| rustc-1.85 | Needs evaluation |
| rustc-1.88 | Not in release |
| rustc-1.89 | Needs evaluation |
| rustc-1.91 | Needs evaluation |
| rustc-1.92 | Not in release |
| rustc-1.93 | Not in release |
| cargo | Not in release |
action/cookie.php in ecrire in SPIP before 4.4.15 is prone to an open redirect vulnerability.
1 affected package
spip
| Package | 24.04 LTS |
|---|---|
| spip | Needs evaluation |
Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the...
1 affected package
wine
| Package | 24.04 LTS |
|---|---|
| wine | Needs evaluation |