CVE-2023-27536
- EPSS 1.57%
- Veröffentlicht 30.03.2023 20:15:07
- Zuletzt bearbeitet 14.02.2025 16:15:33
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION opt...
CVE-2023-27538
- EPSS 1.16%
- Veröffentlicht 30.03.2023 20:15:07
- Zuletzt bearbeitet 09.06.2025 15:15:29
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previous...
CVE-2023-26116
- EPSS 1.7%
- Veröffentlicht 30.03.2023 05:15:07
- Zuletzt bearbeitet 20.11.2025 17:53:57
Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a larg...
CVE-2023-26117
- EPSS 1.7%
- Veröffentlicht 30.03.2023 05:15:07
- Zuletzt bearbeitet 20.11.2025 17:53:57
Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Exploiting this vulnerability is possible by a large carefully-cra...
CVE-2023-26118
- EPSS 1.7%
- Veröffentlicht 30.03.2023 05:15:07
- Zuletzt bearbeitet 20.11.2025 17:53:57
Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the input[url] functionality. Exploiting this vulnerabi...
CVE-2023-0664
- EPSS 0.31%
- Veröffentlicht 29.03.2023 20:15:07
- Zuletzt bearbeitet 18.02.2025 20:15:16
A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system.
CVE-2023-28447
- EPSS 1.03%
- Veröffentlicht 28.03.2023 21:15:11
- Zuletzt bearbeitet 03.11.2025 22:16:06
Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerability to execute arbitrary JavaScript code in the context of the user's browser session. This may lead to...
CVE-2023-0179
- EPSS 1.94%
- Veröffentlicht 27.03.2023 22:15:20
- Zuletzt bearbeitet 21.11.2024 07:36:41
A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execut...
CVE-2023-0494
- EPSS 0.9%
- Veröffentlicht 27.03.2023 21:15:10
- Zuletzt bearbeitet 24.02.2025 18:15:16
A vulnerability was found in X.Org. This issue occurs due to a dangling pointer in DeepCopyPointerClasses that can be exploited by ProcXkbSetDeviceInfo() and ProcXkbGetDeviceInfo() to read and write into freed memory. This can lead to local privilege...
CVE-2023-1073
- EPSS 0.39%
- Veröffentlicht 27.03.2023 21:15:10
- Zuletzt bearbeitet 23.04.2025 17:16:24
A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system.