664 matches found
FreeBSD : cyrus-imapd -- Remote authenticated users could bypass intended access restrictions on certain server annotations. (12156786-b18a-11eb-8cba-080027b00c2e)
Cyrus IMAP 3.4.1 Release Notes states: Fixed CVE-2021-32056: Remote authenticated users could bypass intended access restrictions on certain server annotations. Additionally, a long-standing bug in replication did not allow server annotations to be replicated. Combining these two bugs, a remote...
CVE-2021-32056
Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall...
CVE-2021-32056
Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall...
CVE-2021-32056
CVE-2021-32056 affects Cyrus IMAP: vulnerable are Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1. Root cause: remote authenticated users can bypass server-annotation access restrictions, causing replication to stall. Remediation: upgrade Cyrus IMAP to 3.2.7 or to 3.4.1 (or later). No e...
CVE-2021-32056
Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to bypass intended access restrictions on server annotations and consequently cause replication to stall...
Foxit Reader for Windows Resource Management Error Vulnerability
Foxit Reader for Windows is a Windows-based PDF document reader from the Chinese company Foxit. Foxit Reader for Windows suffers from a resource management error vulnerability that originates from an error when handling certain XFA forms or annotation objects. A remote attacker could exploit the...
[SECURITY] Fedora 32 Update: pngcheck-2.4.0-8.fc32
pngcheck verifies the integrity of PNG, JNG and MNG files by checking the internal 32-bit CRCs (checksums) and decompressing the image data; it can optionally dump almost all of the chunk-level information in the image in human-readable form. For example, it can be used to print the basic statisti...
[SECURITY] Fedora 33 Update: pngcheck-2.4.0-8.fc33
pngcheck verifies the integrity of PNG, JNG and MNG files by checking the internal 32-bit CRCs (checksums) and decompressing the image data; it can optionally dump almost all of the chunk-level information in the image in human-readable form. For example, it can be used to print the basic statisti...
PT-2021-4099 · Unknown +1 · Cyrus Imap +1
Name of the Vulnerable Software and Affected Versions: Cyrus IMAP versions 3.2.7 and earlier, 3.3.x, and 3.4.x before 3.4.1 Description: The issue allows remote authenticated users to bypass intended access restrictions on server annotations, which can cause replication to stall. This is related ...
cyrus-imapd -- Remote authenticated users could bypass intended access restrictions on certain server annotations.
Cyrus IMAP 3.4.1 Release Notes states: Fixed CVE-2021-32056: Remote authenticated users could bypass intended access restrictions on certain server annotations. Additionally, a long-standing bug in replication did not allow server annotations to be replicated. Combining these two bugs, a remote...
CVE-2021-23382
The package postcss before 8.2.13 is vulnerable to Regular Expression Denial of Service (ReDoS) via getAnnotationURL and loadAnnotation in lib/previous-map.js. The vulnerable regexes are caused mainly by the sub-pattern /\s sourceMappingURL=...
[SECURITY] Fedora 32 Update: jackson-databind-2.10.5.1-1.fc32
The general-purpose data-binding functionality and tree-model for Jackson Data Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration...
Fedora 32 : python-py (2020-db0eb54982)
1.10.0 2020-12-12 - Fix a regular expression DoS vulnerability in the py.path.svnwc SVN blame functionality (CVE-2020-29651) - Update vendored apipkg: 1.4 => 1.5 - Update vendored iniconfig: 1.0.0 => 1.1.1 1.9.0 2020-06-24 - Add type annotation stubs for the following modules: - py.error -...
SolarWinds Database Performance Analyzer Cross-Site Scripting Vulnerability
SolarWinds Database Performance Analyzer is a set of database performance analyzers from SolarWinds, USA. The product is used for SQL query performance monitoring, analysis, tuning and so on. A cross-site scripting vulnerability exists in SolarWinds Database Performance Analyzer DPA...
Cron Utils Injection Vulnerability
Cron Utils is a Java codebase for authenticating, parsing, and migrating Cron expressions from the individual developers at Jmrozanec. An injection vulnerability exists in Cron-utils versions prior to 9.1.3, which an attacker can exploit to inject arbitrary Java EL expressions,...
Red Hat Hibernate ORM SQL Injection Vulnerability
Red Hat Hibernate ORM is an object/relational mapping (ORM) framework for writing applications from Red Hat. Hibernate ORM suffers from a SQL injection vulnerability that an attacker can exploit to read or modify data via annotations in Hibernate ORM...
jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...
GitLab: Insufficient Type Check leading to Developer ability to delete Project, Repository, Group, ...
Summary Similar bug to 858671, but this time with annotations mutation: DeleteAnnotation in app/graphql/mutations/metrics/dashboard/annotations/base.rb ruby module Mutations module Metrics module Dashboard module Annotations class Base " clientMutationId 3. Project disappear along with Repository...
jenkins-script-security-plugin: sandbox protection bypass during script compilation phase by applying AST transforming annotations
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations...
Remote Code Execution (RCE)
jenkins-script-security-plugin is vulnerable to sandbox protection bypass during script compilation phase by applying AST transforming annotations...