Lucene search

45 matches found

ATTACKERKB
added 2026/05/25 7:21 p.m., 5 views

CVE-2026-48846

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...

6.5 CVSS | 5.8 AI score | 0.00041 EPSS
Exploits 0 | References 6 | Affected Software 1
AstraLinux
added 2026/05/03 11:59 p.m., 4 views

Astra Linux - vulnerability in libcroco

The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) through a crafted CSS file...

6.5 CVSS | 6.7 AI score | 0.0108 EPSS
Exploits 4 | References 2
AstraLinux
added 2026/05/03 11:59 p.m., 2 views

Astra Linux - vulnerability in libcroco

The cr_parser_parse_selector_core function in cr-parser.c within libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) through a crafted CSS file...

7.1 CVSS | 6.7 AI score | 0.0172 EPSS
Exploits 4 | References 2
RedhatCVE
added 2026/04/25 11:39 a.m., 2 views

CVE-2026-41305

A flaw was found in PostCSS. This vulnerability allows a remote attacker to perform Cross-Site Scripting (XSS) by submitting specially crafted CSS. When PostCSS processes and re-stringifies this CSS for embedding within HTML sequences. This oversight enables the injected...

6.1 CVSS | 5.3 AI score | 0.00011 EPSS
Exploits 0 | References 5
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2017-17776

Malware in sbrugna...

6.5 CVSS | 5.9 AI score | 0.0108 EPSS
Exploits 4 | References 9
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2017-16822

Malware in sbrugna...

4.3 CVSS | 7 AI score | 0.00879 EPSS
Exploits 0 | References 12
RedhatCVE
added 2025/05/22 6:56 p.m., 2 views

CVE-2021-46144

Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences...

6.1 CVSS | 5.6 AI score | 0.01055 EPSS
Exploits 0
OSV
added 2023/09/29 10:15 p.m., 1 view

DEBIAN-CVE-2023-44270

An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...

5.3 CVSS | 5.7 AI score | 0.00166 EPSS
Exploits 0 | References 1
OSV
added 2023/09/29 10:15 p.m., 0 views

UBUNTU-CVE-2023-44270

An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the...

5.3 CVSS | 6.7 AI score | 0.00166 EPSS
Exploits 0 | References 6
SUSE CVE
added 2023/02/15 4:46 a.m., 1 view

SUSE CVE-2017-7961

The cr_tknzr_parse_rgb function in cr-tknzr.c in libcroco 0.6.11 and 0.6.12 has an "outside the range of representable values of type long" undefined behavior issue, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a...

3.3 CVSS | 7.4 AI score | 0.0087 EPSS
Exploits 1 | References 6
SUSE CVE
added 2023/02/15 4:45 a.m., 1 view

SUSE CVE-2017-8871

The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file...

3.7 CVSS | 6.7 AI score | 0.0172 EPSS
Exploits 4 | References 8
CNNVD
added 2021/02/09 12:0 a.m., 5 views

Roundcube Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in versions prior to Roundcube 1.4.11, which can be exploited by an attacker with carefully constructed CSS displayed in an HTML email...

5.4 CVSS | 5.9 AI score | 0.00259 EPSS
Exploits 0 | References 5
Tenable Nessus
added 2020/06/18 12:0 a.m., 29 views

SUSE SLED15 / SLES15 Security Update : libcroco (SUSE-SU-2020:1535-1)

This update for libcroco fixes the following issues : Security issues fixed : CVE-2017-8834: Fixed denial of service memory allocation error via a crafted CSS file bsc1043898. CVE-2017-8871: Fixed denial of service infinite loop and CPU consumption via a crafted CSS file bsc1043899. Note that...

7.1 CVSS | 6.2 AI score | 0.0172 EPSS
Exploits 5 | References 7
OSV
added 2020/06/07 10:17 p.m., 4 views

OPENSUSE-SU-2020:0780-1 Security update for libcroco

This update for libcroco fixes the following issues: Security issues fixed: - CVE-2017-8834: Fixed denial of service memory allocation error via a crafted CSS file bsc1043898. - CVE-2017-8871: Fixed denial of service infinite loop and CPU consumption via a crafted CSS file bsc1043899. This update...

7.1 CVSS | 6.4 AI score | 0.0172 EPSS
Exploits 5 | References 5
Tenable Nessus
added 2019/12/18 12:0 a.m., 33 views

EulerOS 2.0 SP3 : libcroco (EulerOS-SA-2019-2605)

According to the versions of the libcroco package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - This package provides the necessary development libraries and include files to allow you to develop with libcroco. Security Fixes: The...

7.8 CVSS | 6.7 AI score | 0.0172 EPSS
Exploits 7 | References 5
Mageia
added 2019/12/15 6:3 p.m., 28 views

Updated libcroco packages fix security vulnerability

Updated libcroco packages fix security vulnerabilities: Heap overflow input: check end of input before reading a byte CVE-2017-7960. Undefined behavior tknzr: support only max long rgb values CVE-2017-7961. Denial of service memory allocation error via a crafted CSS file CVE-2017-8834. Denial of...

7.8 CVSS | 1.5 AI score | 0.0172 EPSS
Exploits 7 | References 2
Tenable Nessus
added 2019/06/19 12:0 a.m., 35 views

openSUSE Security Update : libcroco (openSUSE-2019-1575)

This update for libcroco fixes the following issues : Security issues fixed : - CVE-2017-7960: Fixed heap overflow input: check end of input before reading a byte bsc1034481. - CVE-2017-7961: Fixed undefined behavior tknzr: support only max long rgb values bsc1034482. - CVE-2017-8834: Fixed denia...

7.8 CVSS | 6.2 AI score | 0.0172 EPSS
Exploits 7 | References 8
Veracode
added 2019/05/16 2:18 a.m., 17 views

Information Disclosure

Mozilla Thunderbird is vulnerable to information disclosure. Attackers can use a crafted CSS in an RSS feed that would leak and reveal local path strings, which may contain user name...

4.3 CVSS | 6.2 AI score | 0.00879 EPSS
Exploits 0 | References 9 | Affected Software 1
OSV
added 2018/06/11 9:29 p.m., 5 views

CVE-2017-7847

Crafted CSS in an RSS feed can leak and reveal local path strings, which may contain user name. This vulnerability affects Thunderbird 52.5.2...

4.3 CVSS | 8.2 AI score
Exploits 0 | References 7
ThreatPost
added 2017/12/26 2:9 p.m., 24 views

Mozilla Patches Critical Bug in Thunderbird

Mozilla issued a critical security update to its popular open-source Thunderbird email client. The patch was part of a December release of five fixes that included two bugs rated high and one rated moderate and another low. Mozilla said Thunderbird, which also serves as a news, RSS and chat...

9.3 CVSS | 1.1 AI score | 0.01887 EPSS
Exploits 1 | References 4