Search CVE reports
21 – 30 of 42760 results
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an ESEARCH cross-user content oracle. By using the ESEARCH command, an authenticated IMAP user could enumerate folder names under any account they could...
1 affected package
cyrus-imapd
| Package | 20.04 LTS |
|---|---|
| cyrus-imapd | Needs evaluation |
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The vacation "fcc" feature skips the destination-mailbox ACL. A user whose vacation Sieve script used :fcc (to save a copy of the sent message) could deliver...
1 affected package
cyrus-imapd
| Package | 20.04 LTS |
|---|---|
| cyrus-imapd | Needs evaluation |
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an XAPPLEPUSHSERVICE folder existence oracle and push hijack. An authenticated IMAP user could probe for the existence of arbitrary mailboxes on other...
1 affected package
cyrus-imapd
| Package | 20.04 LTS |
|---|---|
| cyrus-imapd | Needs evaluation |
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit 6b5370d, h2o is vulnerable to a Denial of Service attack when calling alloca under certain conditions. When serving static files, h2o builds the...
2 affected packages
h2o, dnsdist
| Package | 20.04 LTS |
|---|---|
| h2o | Needs evaluation |
| dnsdist | Not affected |
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit 8dc37cb, when h2o receives a ClientHello message over TLS or QUIC and it contains a zero-length SNI extension, the h2o server runs over...
2 affected packages
h2o, dnsdist
| Package | 20.04 LTS |
|---|---|
| h2o | Needs evaluation |
| dnsdist | Not affected |
Out-of-bounds write vulnerability in Legion of the Bouncy Castle Inc. BC-LTS bcprov-lts8on on ARM allows Overflow Buffers. This vulnerability is associated with program...
1 affected package
bouncycastle
| Package | 20.04 LTS |
|---|---|
| bouncycastle | Needs evaluation |
YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack. In the bundled libsyck, when an anchor name is redefined or...
1 affected package
libyaml-syck-perl
| Package | 20.04 LTS |
|---|---|
| libyaml-syck-perl | Needs evaluation |
XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes. The parserc_parse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping...
1 affected package
libxml-bare-perl
| Package | 20.04 LTS |
|---|---|
| libxml-bare-perl | Needs evaluation |
(ws before 8.21.1 contains a memory exhaustion vulnerability in lib/rec ...)
1 affected package
node-ws
| Package | 20.04 LTS |
|---|---|
| node-ws | Needs evaluation |
(Flameshot is powerful yet simple to use screenshot software. Prior to ...)
1 affected package
flameshot
| Package | 20.04 LTS |
|---|---|
| flameshot | Needs evaluation |