Search CVE reports
21 – 30 of 30790 results
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an ESEARCH cross-user content oracle. By using the ESEARCH command, an authenticated IMAP user could enumerate folder names under any account they could...
1 affected package
cyrus-imapd
| Package | 26.04 LTS |
|---|---|
| cyrus-imapd | Needs evaluation |
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The vacation "fcc" feature skips the destination-mailbox ACL. A user whose vacation Sieve script used :fcc (to save a copy of the sent message) could deliver...
1 affected package
cyrus-imapd
| Package | 26.04 LTS |
|---|---|
| cyrus-imapd | Needs evaluation |
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an XAPPLEPUSHSERVICE folder existence oracle and push hijack. An authenticated IMAP user could probe for the existence of arbitrary mailboxes on other...
1 affected package
cyrus-imapd
| Package | 26.04 LTS |
|---|---|
| cyrus-imapd | Needs evaluation |
Dasel is a command-line tool and library for querying, modifying, and transforming data structures. From 3.0.0 until 3.10.1, the selector lexer matchRegexPattern closure in (*Tokenizer).parseCurRune in selector/lexer/tokenize.go...
1 affected package
dasel
| Package | 26.04 LTS |
|---|---|
| dasel | Needs evaluation |
Dasel is a command-line tool and library for querying, modifying, and transforming data structures. From 3.0.0 until 3.10.1, the escape sequence handler in (*Tokenizer).parseCurRune in selector/lexer/tokenize.go increments past a...
1 affected package
dasel
| Package | 26.04 LTS |
|---|---|
| dasel | Needs evaluation |
PyMdown Extensions is a set of extensions for the Python-Markdown markdown project. From 10.0.1 until 10.21.3, pymdownx.snippets uses a string-prefix containment check in SnippetPreprocessor.get_snippet_path()...
1 affected package
pymdown-extensions
| Package | 26.04 LTS |
|---|---|
| pymdown-extensions | Needs evaluation |
CrowdSec offers crowdsourced protection against malicious IPs. From 1.5.0 until 1.7.8, pkg/appsec/request.go NewParsedRequestFromRequest allocated a request body buffer from max(r.ContentLength, 0), so HTTP/1.1 requests using...
1 affected package
crowdsec
| Package | 26.04 LTS |
|---|---|
| crowdsec | Needs evaluation |
CrowdSec offers crowdsourced protection against malicious IPs. From 1.7.0 until 1.7.8, the LAPI router used gin-contrib/gzip with DefaultDecompressHandle globally in pkg/apiserver/controllers/controller.go, causing /v1/watchers...
1 affected package
crowdsec
| Package | 26.04 LTS |
|---|---|
| crowdsec | Needs evaluation |
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit 6b5370d, h2o is vulnerable to a Denial of Service attack when calling alloca under certain conditions. When serving static files, h2o builds the...
2 affected packages
h2o, dnsdist
| Package | 26.04 LTS |
|---|---|
| h2o | Not in release |
| dnsdist | Not affected |
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit 8dc37cb, when h2o receives a ClientHello message over TLS or QUIC and it contains a zero-length SNI extension, the h2o server runs over...
2 affected packages
h2o, dnsdist
| Package | 26.04 LTS |
|---|---|
| h2o | Not in release |
| dnsdist | Not affected |