18 matches found
Roundcube Webmail Multiple Vulnerabilities (Dec 2025) - Linux
Roundcube Webmail is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:roundcube:webmail";...
CVE-2024-42486
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway...
BIT-HUBBLE-RELAY-2024-42486 Cilium vulnerable to information leakage via incorrect ReferenceGrant update logic in Gateway API
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In versions on the 1.15.x branch prior to 1.15.8 and the 1.16.x branch prior to 1.16.1, ReferenceGrant changes are not correctly propagated in Cilium's GatewayAPI controller, which could lead to Gateway...
BIT-GOLANG-2021-27919
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename...
CVE-2022-4727
The CVE-2022-4727 entry concerns OpenMRS Appointment Scheduling Module (versions up to 1.16.x). The vulnerability lies in the getNotes function of AppointmentRequest.java (Notes Handler), where manipulating the notes argument enables cross-site scripting. It can be triggered remotely. A fix is av...
openSUSE 15 Security Update : go1.15 (openSUSE-SU-2021:1207-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1207-1 advisory. - Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler...
CVE-2021-33197
In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy from net/http/httputil result in a situation where an attacker is able to drop arbitrary headers...
CVE-2021-27919
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename...
Design/Logic Flaw
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename...
CVE-2021-27919
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename...
Design/Logic Flaw
encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader for xml.NewTokenDecoder returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method...
CVE-2021-27919
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename...
CVE-2021-27919
CVE-2021-27919 affects the Go standard library archive/zip: parsing ZIP archives where a filename begins with ../ can trigger a panic/denial of service in Go 1.16.x prior to 1.16.1 due to an unsafe Reader.Open path handling. Affected product: Go (archive/zip). Root cause: insufficient validation ...
CVE-2021-27919
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service panic upon attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any filename...
Design/Logic Flaw
Array index error in LightDM aka Light Display Manager 1.14.3, 1.16.x before 1.16.6 when the XDMCP server is enabled allows remote attackers to cause a denial of service process crash via an XDMCP request packet with no address...
UBUNTU-CVE-2015-8316
Array index error in LightDM aka Light Display Manager 1.14.3, 1.16.x before 1.16.6 when the XDMCP server is enabled allows remote attackers to cause a denial of service process crash via an XDMCP request packet with no address...
CVE-2015-8316
Array index error in LightDM aka Light Display Manager 1.14.3, 1.16.x before 1.16.6 when the XDMCP server is enabled allows remote attackers to cause a denial of service process crash via an XDMCP request packet with no address...
CVE-2015-3164
The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket...