CVE-2023-22970
- EPSS 0.47%
- Veröffentlicht 26.05.2023 18:15:13
- Zuletzt bearbeitet 15.01.2025 17:15:11
Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file.
CVE-2023-2283
- EPSS 1.06%
- Veröffentlicht 26.05.2023 18:15:13
- Zuletzt bearbeitet 03.11.2025 21:15:57
A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in the`pki_verify_data_signature` function in memory allocation problems. This issue may happen if there is insufficient memory or the memory...
CVE-2023-1981
- EPSS 0.39%
- Veröffentlicht 26.05.2023 18:15:11
- Zuletzt bearbeitet 03.11.2025 22:16:03
A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.
CVE-2023-1667
- EPSS 1.31%
- Veröffentlicht 26.05.2023 18:15:10
- Zuletzt bearbeitet 21.11.2024 07:39:39
A NULL pointer dereference was found In libssh during re-keying with algorithm guessing. This issue may allow an authenticated client to cause a denial of service.
CVE-2023-32067
- EPSS 1.58%
- Veröffentlicht 25.05.2023 23:15:09
- Zuletzt bearbeitet 21.11.2024 08:02:38
c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erro...
CVE-2023-31124
- EPSS 0.94%
- Veröffentlicht 25.05.2023 22:15:09
- Zuletzt bearbeitet 13.02.2025 17:16:26
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which co...
CVE-2023-31130
- EPSS 0.33%
- Veröffentlicht 25.05.2023 22:15:09
- Zuletzt bearbeitet 13.02.2025 17:16:26
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration p...
CVE-2023-31147
- EPSS 0.91%
- Veröffentlicht 25.05.2023 22:15:09
- Zuletzt bearbeitet 21.11.2024 08:01:29
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predict...
CVE-2023-33204
- EPSS 0.33%
- Veröffentlicht 18.05.2023 08:15:08
- Zuletzt bearbeitet 03.11.2025 18:15:40
sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. NOTE: this issue exists because of an incomplete fix for CVE-2022-39377.
CVE-2023-2731
- EPSS 0.43%
- Veröffentlicht 17.05.2023 22:15:11
- Zuletzt bearbeitet 22.01.2025 19:15:09
A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TI...