Debian

Debian Linux

9142 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
Exploit
  • EPSS 0.07%
  • Published 21.01.2023 01:15:15
  • Last modified 02.04.2025 16:15:32

The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes.

  • EPSS 0.09%
  • Published 20.01.2023 19:15:18
  • Last modified 02.04.2025 17:15:34

Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.

  • EPSS 0.51%
  • Published 20.01.2023 19:15:17
  • Last modified 03.07.2025 20:59:18

In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C l...

Exploit
  • EPSS 0.18%
  • Published 18.01.2023 17:15:10
  • Last modified 04.04.2025 16:15:16

An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthor...

Exploit
  • EPSS 50.16%
  • Published 18.01.2023 17:15:10
  • Last modified 04.04.2025 16:15:16

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to proce...

Exploit
  • EPSS 0.03%
  • Published 17.01.2023 21:15:14
  • Last modified 04.04.2025 18:15:43

In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and...

  • EPSS 1.77%
  • Published 17.01.2023 10:15:11
  • Last modified 21.11.2024 07:30:51

ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-47...

  • EPSS 0.69%
  • Published 17.01.2023 10:15:11
  • Last modified 04.04.2025 16:15:16

ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename to the product. This vulnerability is different from CVE-2022-46...

Exploit
  • EPSS 0.24%
  • Published 14.01.2023 01:15:15
  • Last modified 07.04.2025 19:15:52

The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.

  • EPSS 0.02%
  • Published 13.01.2023 01:15:10
  • Last modified 05.05.2025 16:15:30

In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.