CVE-2020-36658
- EPSS 0.44%
- Veröffentlicht 27.01.2023 05:15:12
- Zuletzt bearbeitet 28.03.2025 18:15:15
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fix...
CVE-2022-47951
- EPSS 1.03%
- Veröffentlicht 26.01.2023 22:15:25
- Zuletzt bearbeitet 31.03.2025 17:15:39
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image ...
CVE-2023-0412
- EPSS 0.83%
- Veröffentlicht 26.01.2023 21:18:07
- Zuletzt bearbeitet 03.11.2025 22:16:02
TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
CVE-2022-48281
- EPSS 0.46%
- Veröffentlicht 23.01.2023 03:15:09
- Zuletzt bearbeitet 03.04.2025 14:15:23
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.
CVE-2023-24038
- EPSS 1.12%
- Veröffentlicht 21.01.2023 01:15:15
- Zuletzt bearbeitet 02.04.2025 16:15:32
The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes.
CVE-2023-24021
- EPSS 0.91%
- Veröffentlicht 20.01.2023 19:15:18
- Zuletzt bearbeitet 02.04.2025 17:15:34
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.
CVE-2022-48279
- EPSS 1.17%
- Veröffentlicht 20.01.2023 19:15:17
- Zuletzt bearbeitet 03.07.2025 20:59:18
In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. NOTE: this is related to CVE-2022-39956 but can be considered independent changes to the ModSecurity (C l...
CVE-2022-47950
- EPSS 1%
- Veröffentlicht 18.01.2023 17:15:10
- Zuletzt bearbeitet 04.04.2025 16:15:16
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. By supplying crafted XML files, an authenticated user may coerce the S3 API into returning arbitrary file contents from the host server, resulting in unauthor...
CVE-2023-22809
- EPSS 55.37%
- Veröffentlicht 18.01.2023 17:15:10
- Zuletzt bearbeitet 04.04.2025 16:15:16
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to proce...
CVE-2022-47929
- EPSS 0.96%
- Veröffentlicht 17.01.2023 21:15:14
- Zuletzt bearbeitet 04.04.2025 18:15:43
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and...