CVE-2023-38545
- EPSS 78.48%
- Veröffentlicht 18.10.2023 04:15:11
- Zuletzt bearbeitet 12.05.2026 11:16:12
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length th...
CVE-2023-38552
- EPSS 1.11%
- Veröffentlicht 18.10.2023 04:15:11
- Zuletzt bearbeitet 03.11.2025 22:16:24
When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity chec...
CVE-2023-39332
- EPSS 1.82%
- Veröffentlicht 18.10.2023 04:15:11
- Zuletzt bearbeitet 03.11.2025 22:16:25
Various `node:fs` functions allow specifying paths as either strings or `Uint8Array` objects. In Node.js environments, the `Buffer` class extends the `Uint8Array` class. Node.js prevents path traversal through strings (see CVE-2023-30584) and `Buffer...
CVE-2023-22084
- EPSS 1.78%
- Veröffentlicht 17.10.2023 22:15:13
- Zuletzt bearbeitet 22.01.2025 16:10:07
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high privileged attacker with network acce...
CVE-2023-45803
- EPSS 0.54%
- Veröffentlicht 17.10.2023 20:15:10
- Zuletzt bearbeitet 03.11.2025 22:16:28
urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response using status 301, 302, or 303 after the request had its method changed from one that could accept a req...
CVE-2023-39456
- EPSS 53.48%
- Veröffentlicht 17.10.2023 07:15:09
- Zuletzt bearbeitet 12.06.2025 15:15:31
Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.This issue affects Apache Traffic Server: from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 9.2.3, which fixes the issue.
CVE-2023-41752
- EPSS 1.22%
- Veröffentlicht 17.10.2023 07:15:09
- Zuletzt bearbeitet 12.06.2025 15:15:32
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.This issue affects Apache Traffic Server: from 8.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Users are recommended to upgrade to version 8.1.9 or 9.2....
CVE-2023-39999
- EPSS 1.05%
- Veröffentlicht 13.10.2023 12:15:09
- Zuletzt bearbeitet 21.11.2024 08:16:12
Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8 through 5.8.7, from 5.7 through 5.7.9, from 5.6 th...
CVE-2023-45143
- EPSS 1.22%
- Veröffentlicht 12.10.2023 17:15:10
- Zuletzt bearbeitet 21.11.2024 08:26:26
Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request head...
CVE-2023-43789
- EPSS 0.35%
- Veröffentlicht 12.10.2023 12:15:10
- Zuletzt bearbeitet 04.11.2025 20:17:07
A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system.