CVE-2022-48337
- EPSS 1.6%
- Veröffentlicht 20.02.2023 23:15:12
- Zuletzt bearbeitet 18.03.2025 16:15:14
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may u...
CVE-2023-24998
- EPSS 46.84%
- Veröffentlicht 20.02.2023 16:15:10
- Zuletzt bearbeitet 03.11.2025 22:16:05
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limi...
CVE-2023-0361
- EPSS 1.4%
- Veröffentlicht 15.02.2023 18:15:11
- Zuletzt bearbeitet 19.03.2025 18:15:18
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a s...
CVE-2023-24580
- EPSS 62.58%
- Veröffentlicht 15.02.2023 01:15:10
- Zuletzt bearbeitet 18.03.2025 20:15:18
An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory...
CVE-2023-25725
- EPSS 5.49%
- Veröffentlicht 14.02.2023 19:15:11
- Zuletzt bearbeitet 20.03.2025 20:15:29
HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to trunca...
CVE-2023-0770
- EPSS 0.39%
- Veröffentlicht 09.02.2023 22:15:11
- Zuletzt bearbeitet 21.11.2024 07:37:47
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.
CVE-2023-22795
- EPSS 2.28%
- Veröffentlicht 09.02.2023 20:15:11
- Zuletzt bearbeitet 21.11.2024 07:45:26
A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtrac...
CVE-2023-23969
- EPSS 47.1%
- Veröffentlicht 01.02.2023 19:15:08
- Zuletzt bearbeitet 27.03.2025 15:15:45
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the ra...
- EPSS 3.7%
- Veröffentlicht 30.01.2023 14:15:10
- Zuletzt bearbeitet 24.10.2025 13:54:46
A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the syst...
CVE-2020-36659
- EPSS 0.42%
- Veröffentlicht 27.01.2023 05:15:17
- Zuletzt bearbeitet 03.04.2025 13:15:40
In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example...