CVE-2026-48846

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...

Astra Linux - уязвимость в libcroco

The crtknzrparsecomment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service memory allocation error through a crafted CSS file...

Astra Linux - уязвимость в libcroco

The crparserparseselectorcore function in cr-parser.c within libcroco 0.6.12 allows remote attackers to cause a denial of service infinite loop and CPU consumption through a crafted CSS file...

CVE-2026-41305

A flaw was found in PostCSS. This vulnerability allows a remote attacker to perform Cross-Site Scripting XSS by submitting specially crafted CSS. When PostCSS processes and re-stringifies this CSS for embedding within HTML sequences. This oversight enables the injected...

EUVD-2017-17776

Malware in sbrugna...

EUVD-2017-16822

Malware in sbrugna...

CVE-2021-46144

Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets CSS token sequences...

The vulnerability in the cr_tknzr_parse_comment function of the cr-tknzr.c component, a library for working with cascading tables in CSS2 Libcroco, allows a hacker to cause a service failure.

The vulnerability of the crtknzrparsecomment function in the cr-tknzr.c component of the Libcroco library for working with cascading tables in css2 is related to the execution of an operation outside the buffer in memory. Exploiting this vulnerability could allow a malicious actor to cause servic...

DEBIAN-CVE-2023-44270

An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...

UBUNTU-CVE-2023-44270

An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...

SUSE CVE-2017-7961

The crtknzrparsergb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a...

SUSE CVE-2017-8871

The crparserparseselectorcore function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service infinite loop and CPU consumption via a crafted CSS file...

Roundcube Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in versions prior to Roundcube 1.4.11, which can be exploited by an attacker with carefully constructed CSS displayed in an HTML email...

SUSE SLED15 / SLES15 Security Update : libcroco (SUSE-SU-2020:1535-1)

This update for libcroco fixes the following issues : Security issues fixed : CVE-2017-8834: Fixed denial of service memory allocation error via a crafted CSS file bsc1043898. CVE-2017-8871: Fixed denial of service infinite loop and CPU consumption via a crafted CSS file bsc1043899. Note that...

OPENSUSE-SU-2020:0780-1 Security update for libcroco

This update for libcroco fixes the following issues: Security issues fixed: - CVE-2017-8834: Fixed denial of service memory allocation error via a crafted CSS file bsc1043898. - CVE-2017-8871: Fixed denial of service infinite loop and CPU consumption via a crafted CSS file bsc1043899. This update...

EulerOS 2.0 SP3 : libcroco (EulerOS-SA-2019-2605)

According to the versions of the libcroco package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - This package provides the necessary development libraries and include files to allow you to develop with libcroco.Security Fixes:The...

Updated libcroco packages fix security vulnerability

Updated libcroco packages fix security vulnerabilities: Heap overflow input: check end of input before reading a byte CVE-2017-7960. Undefined behavior tknzr: support only max long rgb values CVE-2017-7961. Denial of service memory allocation error via a crafted CSS file CVE-2017-8834. Denial of...

openSUSE Security Update : libcroco (openSUSE-2019-1575)

This update for libcroco fixes the following issues : Security issues fixed : - CVE-2017-7960: Fixed heap overflow input: check end of input before reading a byte bsc1034481. - CVE-2017-7961: Fixed undefined behavior tknzr: support only max long rgb values bsc1034482. - CVE-2017-8834: Fixed denia...

Information Disclosure

Mozilla Thunderbird is vulnerable to information disclosure. Attackers can use a crafted CSS in an RSS feed that would leak and reveal local path strings, which may contain user name...

CVE-2017-7847

Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird 52.5.2...