Total
8276 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25221 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-11-21 | N/A | 7.8 HIGH |
| Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc. | |||||
| CVE-2023-24998 | 2 Apache, Debian | 2 Commons Fileupload, Debian Linux | 2024-11-21 | N/A | 7.5 HIGH |
| Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. | |||||
| CVE-2023-24805 | 3 Debian, Fedoraproject, Linuxfoundation | 3 Debian Linux, Fedora, Cups-filters | 2024-11-21 | N/A | 8.8 HIGH |
| cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. If you use the Backend Error Handler (beh) to create an accessible network printer, this security vulnerability can cause remote code execution. `beh.c` contains the line `retval = system(cmdline) >> 8;` which calls the `system` command with the operand `cmdline`. `cmdline` contains multiple user controlled, unsanitized values. As a result an attacker with network access to the hosted print server can exploit this vulnerability to inject system commands which are executed in the context of the running server. This issue has been addressed in commit `8f2740357` and is expected to be bundled in the next release. Users are advised to upgrade when possible and to restrict access to network printers in the meantime. | |||||
| CVE-2023-24758 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-11-21 | N/A | 5.5 MEDIUM |
| libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. | |||||
| CVE-2023-24757 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-11-21 | N/A | 5.5 MEDIUM |
| libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_unweighted_pred_16_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. | |||||
| CVE-2023-24756 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-11-21 | N/A | 5.5 MEDIUM |
| libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_unweighted_pred_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. | |||||
| CVE-2023-24755 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-11-21 | N/A | 5.5 MEDIUM |
| libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the put_weighted_pred_8_fallback function at fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. | |||||
| CVE-2023-24754 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-11-21 | N/A | 5.5 MEDIUM |
| libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_weighted_pred_avg_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. | |||||
| CVE-2023-24752 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-11-21 | N/A | 5.5 MEDIUM |
| libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the ff_hevc_put_hevc_epel_pixels_8_sse function at sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. | |||||
| CVE-2023-24751 | 2 Debian, Struktur | 2 Debian Linux, Libde265 | 2024-11-21 | N/A | 6.5 MEDIUM |
| libde265 v1.0.10 was discovered to contain a NULL pointer dereference in the mc_chroma function at motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input file. | |||||
| CVE-2023-24580 | 2 Debian, Djangoproject | 2 Debian Linux, Django | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. | |||||
| CVE-2023-24038 | 2 Debian, Html-stripscripts Project | 2 Debian Linux, Html-stripscripts | 2024-11-21 | N/A | 7.5 HIGH |
| The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes. | |||||
| CVE-2023-24021 | 2 Debian, Trustwave | 2 Debian Linux, Modsecurity | 2024-11-21 | N/A | 7.5 HIGH |
| Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. | |||||
| CVE-2023-23969 | 2 Debian, Djangoproject | 2 Debian Linux, Django | 2024-11-21 | N/A | 7.5 HIGH |
| In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. | |||||
| CVE-2023-23920 | 2 Debian, Nodejs | 2 Debian Linux, Node.js | 2024-11-21 | N/A | 4.2 MEDIUM |
| An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges. | |||||
| CVE-2023-23916 | 5 Debian, Fedoraproject, Haxx and 2 more | 13 Debian Linux, Fedora, Curl and 10 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. | |||||
| CVE-2023-23589 | 3 Debian, Fedoraproject, Torproject | 3 Debian Linux, Fedora, Tor | 2024-11-21 | N/A | 6.5 MEDIUM |
| The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. | |||||
| CVE-2023-23559 | 3 Debian, Linux, Netapp | 3 Debian Linux, Linux Kernel, Hci Baseboard Management Controller | 2024-11-21 | N/A | 7.8 HIGH |
| In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. | |||||
| CVE-2023-23455 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
| atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | |||||
| CVE-2023-23454 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
| cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | |||||