Search CVE reports
2171 – 2180 of 26183 results
A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were compromised, an attacker could cause the parser...
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 26.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Not affected |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| mozjs102 | Not in release |
| mozjs115 | Not in release |
Spoofing issue in Thunderbird. This vulnerability was fixed in Thunderbird 149 and Thunderbird 140.9.
9 affected packages
firefox, thunderbird, mozjs38, mozjs52, mozjs68...
| Package | 26.04 LTS |
|---|---|
| firefox | Not affected |
| thunderbird | Not affected |
| mozjs38 | Not in release |
| mozjs52 | Not in release |
| mozjs68 | Not in release |
| mozjs78 | Not in release |
| mozjs91 | Not in release |
| mozjs102 | Not in release |
| mozjs115 | Not in release |
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via...
1 affected package
nats-server
| Package | 26.04 LTS |
|---|---|
| nats-server | Needs evaluation |
fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. From version 4.0.0-beta.3 to before version 5.5.7, the DocTypeReader in fast-xml-parser uses JavaScript truthy checks to...
1 affected package
node-webfont
| Package | 26.04 LTS |
|---|---|
| node-webfont | Needs evaluation |
league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the...
1 affected package
php-league-commonmark
| Package | 26.04 LTS |
|---|---|
| php-league-commonmark | Vulnerable |
Zabbix Agent 2 Docker plugin does not properly sanitize the 'docker.container_info' parameters when forwarding them to the Docker daemon. An attacker capable of invoking Agent 2 can read arbitrary files from running Docker...
1 affected package
zabbix
| Package | 26.04 LTS |
|---|---|
| zabbix | Needs evaluation |
A low privilege Zabbix user with API access can exploit a blind SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL selects via the sortfield parameter. Although query results are not...
1 affected package
zabbix
| Package | 26.04 LTS |
|---|---|
| zabbix | Not affected |
Host and event action script input is validated with a regex (set by the administrator), but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users...
1 affected package
zabbix
| Package | 26.04 LTS |
|---|---|
| zabbix | Not affected |
For performance reasons Zabbix Server/Proxy reuses JavaScript (Duktape) contexts (used in script items, JavaScript reprocessing, Webhooks). This can lead to confidentiality loss where a regular (non-super) Zabbix administrator...
1 affected package
zabbix
| Package | 26.04 LTS |
|---|---|
| zabbix | Not affected |
LibVNCServer versions 0.9.15 and prior (fixed in commit dc78dee) contain null pointer dereference vulnerabilities in the HTTP proxy handlers within httpProcessInput() in httpd.c that allow remote attackers to cause a denial of...
6 affected packages
libvncserver, vino, x11vnc, veyon, italc, tightvnc
| Package | 26.04 LTS |
|---|---|
| libvncserver | Needs evaluation |
| vino | Not in release |
| x11vnc | Needs evaluation |
| veyon | Needs evaluation |
| italc | Not in release |
| tightvnc | Needs evaluation |