CVE-2023-23916
- EPSS 1.7%
- Veröffentlicht 23.02.2023 20:15:13
- Zuletzt bearbeitet 12.03.2025 19:15:36
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms...
CVE-2023-26081
- EPSS 1.23%
- Veröffentlicht 20.02.2023 03:15:10
- Zuletzt bearbeitet 18.03.2025 15:15:45
In Epiphany (aka GNOME Web) through 43.0, untrusted web content can trick users into exfiltrating passwords, because autofill occurs in sandboxed contexts.
CVE-2023-24329
- EPSS 20.46%
- Veröffentlicht 17.02.2023 15:15:12
- Zuletzt bearbeitet 03.11.2025 22:16:05
An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.
CVE-2023-0361
- EPSS 1.4%
- Veröffentlicht 15.02.2023 18:15:11
- Zuletzt bearbeitet 19.03.2025 18:15:18
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypted in the RSA ciphertext across a network in a Bleichenbacher style attack. To achieve a s...
CVE-2023-0003
- EPSS 1.16%
- Veröffentlicht 08.02.2023 18:15:11
- Zuletzt bearbeitet 13.02.2025 17:15:52
A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server.
CVE-2022-46663
- EPSS 1.41%
- Veröffentlicht 07.02.2023 21:15:09
- Zuletzt bearbeitet 25.03.2025 15:15:16
In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal.
CVE-2023-25193
- EPSS 1.81%
- Veröffentlicht 04.02.2023 20:15:08
- Zuletzt bearbeitet 25.03.2025 21:15:41
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
CVE-2023-25136
- EPSS 89.96%
- Veröffentlicht 03.02.2023 06:15:09
- Zuletzt bearbeitet 28.05.2026 18:16:28
OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to an...
CVE-2022-3560
- EPSS 0.25%
- Veröffentlicht 02.02.2023 21:22:38
- Zuletzt bearbeitet 26.03.2025 19:15:18
A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign'...
CVE-2022-48303
- EPSS 4.52%
- Veröffentlicht 30.01.2023 04:15:08
- Zuletzt bearbeitet 27.03.2025 21:15:40
GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump. Exploitation to change the flow of control has not been demonstrated. The issue occurs in from_header in list.c via a V7 archiv...