Search CVE reports
361 – 370 of 27411 results
Default configurations of Apache Shiro have a session fixation vulnerability. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1, or 3.0.0-alpha-2 or later,...
1 affected package
shiro
| Package | 26.04 LTS |
|---|---|
| shiro | Needs evaluation |
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, an unsanitized subject field in the draft restored value could lead to stored XSS/HTML/CSS injection on shared mailboxes.
1 affected package
roundcube
| Package | 26.04 LTS |
|---|---|
| roundcube | Needs evaluation |
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets (CSS) injection via an SVG document that has an animate element with the attributeName attribute.
1 affected package
roundcube
| Package | 26.04 LTS |
|---|---|
| roundcube | Needs evaluation |
Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass.
1 affected package
roundcube
| Package | 26.04 LTS |
|---|---|
| roundcube | Needs evaluation |
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var() value in an e-mail message, which may lead to information disclosure or access-control bypass.
1 affected package
roundcube
| Package | 26.04 LTS |
|---|---|
| roundcube | Needs evaluation |
In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation...
1 affected package
roundcube
| Package | 26.04 LTS |
|---|---|
| roundcube | Needs evaluation |
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has insecure code evaluation logic in LDAP the autovalues option that could lead to code injection. (Support for code evaluation has been removed in 1.6.16 and 1.7.1.)
1 affected package
roundcube
| Package | 26.04 LTS |
|---|---|
| roundcube | Needs evaluation |
Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links...
1 affected package
roundcube
| Package | 26.04 LTS |
|---|---|
| roundcube | Needs evaluation |
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1 has Pre-authentication SQL injection in the virtuser_query plugin via a preg_replace() backslash escape bypass.
1 affected package
roundcube
| Package | 26.04 LTS |
|---|---|
| roundcube | Needs evaluation |
Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override the source code of another crate from the same registry. The severity of the vulnerability...
19 affected packages
rustc, rustc-1.62, rustc-1.74, rustc-1.76, rustc-1.77...
| Package | 26.04 LTS |
|---|---|
| rustc | Not in release |
| rustc-1.62 | Not in release |
| rustc-1.74 | Not in release |
| rustc-1.76 | Not in release |
| rustc-1.77 | Not in release |
| rustc-1.78 | Not in release |
| rustc-1.79 | Not in release |
| rustc-1.80 | Not in release |
| rustc-1.81 | Not in release |
| rustc-1.82 | Not in release |
| rustc-1.83 | Not in release |
| rustc-1.84 | Not in release |
| rustc-1.85 | Not in release |
| rustc-1.88 | Not in release |
| rustc-1.89 | Not in release |
| rustc-1.91 | Needs evaluation |
| rustc-1.92 | Needs evaluation |
| rustc-1.93 | Needs evaluation |
| cargo | Not in release |