CVE-2023-42811
- EPSS 0.26%
- Veröffentlicht 22.09.2023 16:15:10
- Zuletzt bearbeitet 21.11.2024 08:23:15
aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag ver...
CVE-2023-5002
- EPSS 1.47%
- Veröffentlicht 22.09.2023 14:15:47
- Zuletzt bearbeitet 17.03.2025 16:43:52
A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server ...
CVE-2023-43090
- EPSS 0.31%
- Veröffentlicht 22.09.2023 06:15:09
- Zuletzt bearbeitet 21.11.2024 08:23:42
A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool.
- EPSS 0.66%
- Veröffentlicht 21.09.2023 23:15:12
- Zuletzt bearbeitet 04.11.2025 17:15:41
Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in...
CVE-2023-41993
- EPSS 29.18%
- Veröffentlicht 21.09.2023 19:15:11
- Zuletzt bearbeitet 05.11.2025 19:17:52
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS bef...
CVE-2023-43669
- EPSS 1.62%
- Veröffentlicht 21.09.2023 06:15:13
- Zuletzt bearbeitet 21.11.2024 08:24:35
The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempte...
CVE-2023-4236
- EPSS 2.15%
- Veröffentlicht 20.09.2023 13:15:12
- Zuletzt bearbeitet 21.11.2024 08:34:41
A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This iss...
CVE-2023-3341
- EPSS 2.63%
- Veröffentlicht 20.09.2023 13:15:11
- Zuletzt bearbeitet 02.12.2025 21:15:51
The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-p...
CVE-2023-4527
- EPSS 1.51%
- Veröffentlicht 18.09.2023 17:15:55
- Zuletzt bearbeitet 12.05.2026 11:16:15
A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack con...
CVE-2023-4806
- EPSS 1.44%
- Veröffentlicht 18.09.2023 17:15:55
- Zuletzt bearbeitet 12.05.2026 11:16:15
A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethos...