Search CVE reports
11 – 20 of 43971 results
YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syck_base64dec. The base64 decoder in the bundled libsyck indexes the 256-entry static table b64_xtable with a signed...
1 affected package
libyaml-syck-perl
| Package | 22.04 LTS |
|---|---|
| libyaml-syck-perl | Needs evaluation |
XML::Bare versions through 0.53 for Perl have an unbounded character lookahead. The parserc_parse function attempts to check for multicharacter strings such as "<![CDATA" or element terminators such as ">" without checking...
1 affected package
libxml-bare-perl
| Package | 22.04 LTS |
|---|---|
| libxml-bare-perl | Needs evaluation |
A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal...
1 affected package
pipewire
| Package | 22.04 LTS |
|---|---|
| pipewire | Needs evaluation |
h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit 9265bdd, there is an HTTP/2 state amplification issue that combines HPACK decompression amplification with Slowloris-style stream stalling....
2 affected packages
h2o, dnsdist
| Package | 22.04 LTS |
|---|---|
| h2o | Needs evaluation |
| dnsdist | Not affected |
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. LISTRIGHTS os not limited to users with admin access. An authenticated user could call IMAP LISTRIGHTS against any mailbox they could name and learn what...
1 affected package
cyrus-imapd
| Package | 22.04 LTS |
|---|---|
| cyrus-imapd | Needs evaluation |
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is heap exposure in nested MIME comment parsing. An authenticated IMAP user could craft an email message containing an RFC 822 comment ending with...
1 affected package
cyrus-imapd
| Package | 22.04 LTS |
|---|---|
| cyrus-imapd | Needs evaluation |
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. URLAUTH does not honor revoked authorizer access. A URLAUTH URL minted while the authorizer had access continued to work after that access was revoked.
1 affected package
cyrus-imapd
| Package | 22.04 LTS |
|---|---|
| cyrus-imapd | Needs evaluation |
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. GENURLAUTH-issued tokens can bypass ACLs. Any authenticated user could mint a URLAUTH token (via the GENURLAUTH command) for any mailbox they could name, even...
1 affected package
cyrus-imapd
| Package | 22.04 LTS |
|---|---|
| cyrus-imapd | Needs evaluation |
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. URLAUTH token forgery can occur via a missing mboxkey. If an attacker knew a folder name on the victim's account for which the victim had never issued an auth...
1 affected package
cyrus-imapd
| Package | 22.04 LTS |
|---|---|
| cyrus-imapd | Needs evaluation |
An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. The LOCALDELETE command bypassed ACL checks. An authenticated but non-admin user could invoke the admin-only LOCALDELETE IMAP command and delete mailboxes for...
1 affected package
cyrus-imapd
| Package | 22.04 LTS |
|---|---|
| cyrus-imapd | Needs evaluation |