Search CVE reports

An issue in provider/libserver/ECKrbAuth.cpp of Kopano Core <= v11.0.2.51 contains an issue which allows attackers to authenticate even if the user account or password is expired. It also exists in the predecessor...

Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malicious content....

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is...

Off-by-one Error in GitHub repository v2fly/v2ray-core prior to 4.44.0.

A stack-based buffer overflow in handle_request function in DHT.c in toxcore 0.1.9 through 0.1.11 and 0.2.0 through 0.2.12 (caused by an improper length calculation during the handling of received network packets) allows remote...

The Onion module in toxcore before 0.2.2 doesn't restrict which packets can be onion-routed, which allows a remote attacker to discover a target user's IP address (when knowing only their Tox Id) by positioning themselves close to...

The TCP Server module in toxcore before 0.2.8 doesn't free the TCP priority queue under certain conditions, which allows a remote attacker to exhaust the system's memory, causing a denial of service (DoS).

A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts...

kopano-ical (formerly zarafa-ical) in Kopano Groupware Core through 8.7.16, 9.x through 9.1.0, 10.x through 10.0.7, and 11.x through 11.0.1 and Zarafa 6.30.x through 7.2.x allows memory exhaustion via long HTTP headers.

The package underscore from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Injection via the template function, particularly when a variable property is passed as an argument as it is...