Search CVE reports
1 – 10 of 48358 results
An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password authentication plugin is installed, and some user accounts are configured to use...
5 affected packages
mariadb, mariadb-10.0, mariadb-10.1, mariadb-10.3, mariadb-10.6
| Package | 16.04 LTS |
|---|---|
| mariadb | — |
| mariadb-10.0 | Needs evaluation |
| mariadb-10.1 | — |
| mariadb-10.3 | — |
| mariadb-10.6 | — |
An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This...
1 affected package
roundcube
| Package | 16.04 LTS |
|---|---|
| roundcube | Needs evaluation |
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via the use of !important.
1 affected package
roundcube
| Package | 16.04 LTS |
|---|---|
| roundcube | Needs evaluation |
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content (with animate attributes) in an e-mail message. This may lead to information disclosure or...
1 affected package
roundcube
| Package | 16.04 LTS |
|---|---|
| roundcube | Needs evaluation |
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background attribute of a BODY element in an e-mail message. This may lead to information...
1 affected package
roundcube
| Package | 16.04 LTS |
|---|---|
| roundcube | Needs evaluation |
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confusion that allows a password change without knowing the old password.
1 affected package
roundcube
| Package | 16.04 LTS |
|---|---|
| roundcube | Needs evaluation |
An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local...
1 affected package
roundcube
| Package | 16.04 LTS |
|---|---|
| roundcube | Needs evaluation |
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment.
1 affected package
roundcube
| Package | 16.04 LTS |
|---|---|
| roundcube | Needs evaluation |
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search.
1 affected package
roundcube
| Package | 16.04 LTS |
|---|---|
| roundcube | Needs evaluation |
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated attackers via crafted session data.
1 affected package
roundcube
| Package | 16.04 LTS |
|---|---|
| roundcube | Needs evaluation |