Search CVE reports
21 – 30 of 37165 results
v2.4/v3.1 regression: SQL injection allows bypassing authentication. Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing authentication for any user...
1 affected package
dovecot
| Package | 22.04 LTS |
|---|---|
| dovecot | Not affected |
auth: Path traversal in passwd-file passdb using `%d` (domain) escapes base directory and opens `/etc/passwd`. Pre-auth path traversal in passwd-file passdb using `%d` (domain) escapes base directory and opens `/etc/passwd`. When...
1 affected package
dovecot
| Package | 22.04 LTS |
|---|---|
| dovecot | Vulnerable |
Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code.
1 affected package
plexus-utils
| Package | 22.04 LTS |
|---|---|
| plexus-utils | Not in release |
v2.4/v3.1 regression: Pigeonhole: ManageSieve panic occurs with sieve-connect as a client. ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service...
1 affected package
dovecot
| Package | 22.04 LTS |
|---|---|
| dovecot | Vulnerable |
decode2text.sh OOXML extraction may follow symlinks and read unintended files during indexing. Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker...
1 affected package
dovecot
| Package | 22.04 LTS |
|---|---|
| dovecot | Vulnerable |
Invalid base64 authentication can cause DoS for other logins. When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can...
1 affected package
dovecot
| Package | 22.04 LTS |
|---|---|
| dovecot | Not affected |
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an...
5 affected packages
tiff, qtwebengine-opensource-src, texmaker, gdal, neuron
| Package | 22.04 LTS |
|---|---|
| tiff | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation |
| texmaker | Needs evaluation |
| gdal | Not affected |
| neuron | Needs evaluation |
NULL Pointer Dereference vulnerability in tmate-io tmate. This issue affects tmate: before 2.4.0.
1 affected package
tmate
| Package | 22.04 LTS |
|---|---|
| tmate | Needs evaluation |
Memory safety bugs present in Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 22.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Vulnerable |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Ignored |
| mozjs91 | Ignored |
| mozjs102 | Ignored |
| mozjs115 | Not in release |
Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability affects Firefox < 149 and Thunderbird < 149.
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 22.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Vulnerable |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Ignored |
| mozjs91 | Ignored |
| mozjs102 | Ignored |
| mozjs115 | Not in release |