High CVE-2023-5480: Inappropriate implementation in Payments.
High CVE-2023-5482: Insufficient data validation in USB.
High CVE-2023-5849: Integer overflow in USB.
Medium CVE-2023-5850: Incorrect security UI in Downloads.
Medium CVE-2023-5851: Inappropriate implementation in Downloads.
Medium CVE-2023-5852: Use after free in Printing.
Medium CVE-2023-5853: Incorrect security UI in Downloads.
Medium CVE-2023-5854: Use after free in Profiles.
Medium CVE-2023-5855: Use after free in Reading Mode.
Medium CVE-2023-5856: Use after free in Side Panel.
Medium CVE-2023-5857: Inappropriate implementation in Downloads.
Low CVE-2023-5858: Inappropriate implementation in WebApp Provider.
Low CVE-2023-5859: Incorrect security UI in Picture In Picture.
High CVE-2023-5480: Inappropriate implementation in Payments.
High CVE-2023-5482: Insufficient data validation in USB.
High CVE-2023-5849: Integer overflow in USB.
Medium CVE-2023-5850: Incorrect security UI in Downloads.
Medium CVE-2023-5851: Inappropriate implementation in Downloads.
Medium CVE-2023-5852: Use after free in Printing.
Medium CVE-2023-5853: Incorrect security UI in Downloads.
Medium CVE-2023-5854: Use after free in Profiles.
Medium CVE-2023-5855: Use after free in Reading Mode.
Medium CVE-2023-5856: Use after free in Side Panel.
Medium CVE-2023-5857: Inappropriate implementation in Downloads.
Low CVE-2023-5858: Inappropriate implementation in WebApp Provider.
Low CVE-2023-5859: Incorrect security UI in Picture In Picture.
High CVE-2023-5480: Inappropriate implementation in Payments.
High CVE-2023-5482: Insufficient data validation in USB.
High CVE-2023-5849: Integer overflow in USB.
Medium CVE-2023-5850: Incorrect security UI in Downloads.
Medium CVE-2023-5851: Inappropriate implementation in Downloads.
Medium CVE-2023-5852: Use after free in Printing.
Medium CVE-2023-5853: Incorrect security UI in Downloads.
Medium CVE-2023-5854: Use after free in Profiles.
Medium CVE-2023-5855: Use after free in Reading Mode.
Medium CVE-2023-5856: Use after free in Side Panel.
Medium CVE-2023-5857: Inappropriate implementation in Downloads.
Low CVE-2023-5858: Inappropriate implementation in WebApp Provider.
Low CVE-2023-5859: Incorrect security UI in Picture In Picture.
High CVE-2023-5480: Inappropriate implementation in Payments.
High CVE-2023-5482: Insufficient data validation in USB.
High CVE-2023-5849: Integer overflow in USB.
Medium CVE-2023-5850: Incorrect security UI in Downloads.
Medium CVE-2023-5851: Inappropriate implementation in Downloads.
Medium CVE-2023-5852: Use after free in Printing.
Medium CVE-2023-5853: Incorrect security UI in Downloads.
Medium CVE-2023-5854: Use after free in Profiles.
Medium CVE-2023-5855: Use after free in Reading Mode.
Medium CVE-2023-5856: Use after free in Side Panel.
Medium CVE-2023-5857: Inappropriate implementation in Downloads.
Low CVE-2023-5858: Inappropriate implementation in WebApp Provider.
Low CVE-2023-5859: Incorrect security UI in Picture In Picture.
Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE (#9171)
Fix duplicated Inbox folder on IMAP servers that do not use Inbox folder with all capital letters (#9166)
Fix PHP warnings (#9174)
Fix UI issue when dealing with an invalid managesieve_default_headers value (#9175)
Fix bug where images attached to application/smil messages weren’t displayed (#8870)
Fix PHP string replacement error in utils/error.php (#9185)
Fix regression where smtp_user did not allow pre/post strings before/after %u placeholder (#9162)
Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download
Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE (#9171)
Fix duplicated Inbox folder on IMAP servers that do not use Inbox folder with all capital letters (#9166)
Fix PHP warnings (#9174)
Fix UI issue when dealing with an invalid managesieve_default_headers value (#9175)
Fix bug where images attached to application/smil messages weren’t displayed (#8870)
Fix PHP string replacement error in utils/error.php (#9185)
Fix regression where smtp_user did not allow pre/post strings before/after %u placeholder (#9162)
Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download
Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE (#9171)
Fix duplicated Inbox folder on IMAP servers that do not use Inbox folder with all capital letters (#9166)
Fix PHP warnings (#9174)
Fix UI issue when dealing with an invalid managesieve_default_headers value (#9175)
Fix bug where images attached to application/smil messages weren’t displayed (#8870)
Fix PHP string replacement error in utils/error.php (#9185)
Fix regression where smtp_user did not allow pre/post strings before/after %u placeholder (#9162)
Fix cross-site scripting (XSS) vulnerability in setting Content-Type/Content-Disposition for attachment preview/download
This vulnerability allows remote attackers to bypass authentication on Microsoft Azure. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.8.
This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.0. The following CVEs are assigned: CVE-2023-34044.
