1019 matches found
CVE-2026-40094
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and prior, network-libp2p discovery accepts signed PeerContact updates from untrusted peers and stores them in a peer contact book, eventually leading to address book crash. A PeerContact can...
CVE-2026-40094 nimiq-blockchain: network-libp2p untrusted peer can crash address book via empty peer contact addresses
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and prior, network-libp2p discovery accepts signed PeerContact updates from untrusted peers and stores them in a peer contact book, eventually leading to address book crash. A PeerContact can...
CVE-2026-40094
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and prior, network-libp2p discovery accepts signed PeerContact updates from untrusted peers and stores them in a peer contact book, eventually leading to address book crash. A PeerContact can...
EUVD-2026-31195
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and prior, network-libp2p discovery accepts signed PeerContact updates from untrusted peers and stores them in a peer contact book, eventually leading to address book crash. A PeerContact can...
CVE-2026-40094
The CVE affects nimiq-blockchain (Rust). In versions up to 1.3.0, network-libp2p discovery accepts signed PeerContact updates from untrusted peers and stores them in a peer contact book; a PeerContact can have an empty addresses list. PeerContactBook::known_peers then builds the address book usin...
CVE-2026-40094 nimiq-blockchain: network-libp2p untrusted peer can crash address book via empty peer contact addresses
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and prior, network-libp2p discovery accepts signed PeerContact updates from untrusted peers and stores them in a peer contact book, eventually leading to address book crash. A PeerContact can...
PT-2026-42268
nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and prior, network-libp2p discovery accepts signed PeerContact updates from untrusted peers and stores them in a peer contact book, eventually leading to address book crash. A PeerContact can...
Nimiq 代码问题漏洞
Nimiq is an open-source implementation of the Albatross protocol in Rust. Versions of Nimiq 1.3.0 and earlier have code vulnerabilities. These vulnerabilities stem from the network discovery process, which accepts signature updates from untrusted peer nodes. When PeerContact contains an empty...
OESA-2026-2354 evolution-data-server security update
The evolution-data-server package provides a personal information management application that provides integrated mail, calendaring and address book functionality. The evolution-data-server package provides a single database for common, desktop-wide information, such as a user's address book or...
Astra Linux - уязвимость в thunderbird
The Thunderbird Address Book’s URI fields contained unsanitized links. Attackers could use these links to create and export an address book containing malicious payloads in certain fields. For example, in the “Other” field of the Instant Messaging section. If another user imported the address boo...
Exploit for Insufficiently Protected Credentials in Kyocera Net_Viewer
KyoceraCredsDump - CVE-2022-1026 - Based on the original explo...
SUSE CVE-2025-1015
The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book,...
CVE-2026-33755 Authenticated SQL Injection in Contact/query addressBookIds filter
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP Contact/query endpoint allows any authenticated user with basic addressbook access to extract arbitrary data...
CVE-2026-33755 Authenticated SQL Injection in Contact/query addressBookIds filter
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP Contact/query endpoint allows any authenticated user with basic addressbook access to extract arbitrary data...
CVE-2026-33755 Authenticated SQL Injection in Contact/query addressBookIds filter
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.158, 25.0.92, and 26.0.17, an authenticated SQL Injection vulnerability in the JMAP Contact/query endpoint allows any authenticated user with basic addressbook access to extract arbitrary data...
CVE-2026-33755
Group-Office (enterprise CRM/groupware) has an authenticated SQL Injection in the JMAP Contact/query endpoint affecting versions before 6.8.158, 25.0.92, and 26.0.17. An authenticated user with basic addressbook access can extract arbitrary data from the database, including active session tokens ...
Debian dla-4503 : evolution-data-server - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4503 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4503-1 [email protected] https://www.debian.org/lts/security/...
CVE-2026-30796
Cleartext Transmission of Sensitive Information vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Address book sync API modules allows Sniffing Attacks. This vulnerability is associated with program files Closed source — API endpoint handling...
Medium: evolution-data-server
Issue Overview: The Evolution backend server exposes the D-Bus service org.gnome.evolution.dataserver.AddressBook, that can be used in order to manage contacts. A Flatpak application with access to this D-Bus service can exploit this issue in order to gain arbitrary file deletion on the host...
CVE-2026-30796
Cleartext Transmission of Sensitive Information vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Address book sync API modules allows Sniffing Attacks. This vulnerability is associated with program files Closed source — API endpoint handling...