CVE-2023-24756
- EPSS 0.29%
- Veröffentlicht 01.03.2023 15:15:11
- Zuletzt bearbeitet 07.03.2025 21:15:16
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.
CVE-2023-24757
- EPSS 0.29%
- Veröffentlicht 01.03.2023 15:15:11
- Zuletzt bearbeitet 07.03.2025 16:15:36
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.
CVE-2023-24758
- EPSS 0.29%
- Veröffentlicht 01.03.2023 15:15:11
- Zuletzt bearbeitet 07.03.2025 21:15:16
libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file.
CVE-2023-25221
- EPSS 0.33%
- Veröffentlicht 01.03.2023 15:15:11
- Zuletzt bearbeitet 21.11.2024 07:49:20
Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc.
CVE-2023-27372
- EPSS 99.64%
- Veröffentlicht 28.02.2023 20:15:10
- Zuletzt bearbeitet 11.03.2025 15:15:38
SPIP before 4.2.1 allows Remote Code Execution via form values in the public area because serialization is mishandled. The fixed versions are 3.2.18, 4.0.10, 4.1.8, and 4.2.1.
CVE-2023-26545
- EPSS 0.33%
- Veröffentlicht 25.02.2023 04:15:10
- Zuletzt bearbeitet 25.06.2025 20:54:48
In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.
CVE-2023-23920
- EPSS 0.47%
- Veröffentlicht 23.02.2023 20:15:14
- Zuletzt bearbeitet 17.03.2025 19:15:19
An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.
CVE-2023-23916
- EPSS 1.7%
- Veröffentlicht 23.02.2023 20:15:13
- Zuletzt bearbeitet 12.03.2025 19:15:36
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms...
CVE-2023-26314
- EPSS 0.98%
- Veröffentlicht 22.02.2023 07:15:10
- Zuletzt bearbeitet 20.05.2026 02:16:34
The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.
CVE-2023-23009
- EPSS 1.61%
- Veröffentlicht 21.02.2023 16:15:11
- Zuletzt bearbeitet 17.03.2025 17:15:15
Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length.