Page 97 of 8983 results (0.012 seconds)

CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0

CVE-2023-26314

https://notcve.org/view.php?id=CVE-2023-26314

The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. • https://bugs.debian.org/972146 https://lists.debian.org/debian-lts-announce/2023/02/msg00037.html https://www.openwall.com/lists/oss-security/2023/01/05/1 •

CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1

CVE-2023-23009 – libreswan: remote DoS via crafted TS payload with an incorrect selector length

https://notcve.org/view.php?id=CVE-2023-23009

Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length. A flaw was found in the Libreswan package. A crafted TS payload with an incorrect selector length may allow a remote attacker to cause a denial of service. • https://github.com/libreswan/libreswan/issues/954 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MFOIQX2LRL43P3GJT33DE7G7COHNXDN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CSMYJH7MC2FZGCY5NH5AXULO3ISXIHOF https://www.debian.org/security/2023/dsa-5368 https://access.redhat.com/security/cve/CVE-2023-23009 https://bugzilla.redhat.com/show_bug.cgi?id=2173610 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 2%CPEs: 4EXPL: 1

CVE-2023-24998 – Apache Commons FileUpload, Apache Tomcat: FileUpload DoS with excessive parts

https://notcve.org/view.php?id=CVE-2023-24998

Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform. • https://github.com/nice1st/CVE-2023-24998 http://www.openwall.com/lists/oss-security/2023/05/22/1 https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://security.gentoo.org/glsa/202305-37 https://www.debian.org/security/2023/dsa-5522 https://access.redhat.com/security/cve/CVE-2023-24998 https://bugzilla.redhat.com/show_bug.cgi?id=2172298 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-48337 – emacs: command execution via shell metacharacters

https://notcve.org/view.php?id=CVE-2022-48337

GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. A flaw was found in the Emacs package. This flaw allows attackers to execute commands via shell metacharacters in the name of a source-code file. • https://git.savannah.gnu.org/cgit/emacs.git/commit/?id=01a4035c869b91c153af9a9132c87adb7669ea1c https://lists.debian.org/debian-lts-announce/2023/05/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FLPQ4K6H2S5TY3L5UDN4K4B3L5RQJYQ6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6HDBUQNAH2WL4MHWCTUZLN7NGF7CHTK https://www.debian.org/security/2023/dsa-5360 https://access.redhat.com/security/cve/CVE-2022-48337 https://bugzill • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2023-24580 – python-django: Potential denial-of-service vulnerability in file uploads

https://notcve.org/view.php?id=CVE-2023-24580

An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. Passing certain inputs (e.g., an excessive number of parts) to multipart forms could result in too many open files or memory exhaustion, and provided a potential vector for a denial-of-service attack. A memory exhaustion flaw was found in the python-django package. This issue occurs when passing certain inputs, leading to a system crash and denial of service. • http://www.openwall.com/lists/oss-security/2023/02/14/1 https://docs.djangoproject.com/en/4.1/releases/security https://groups.google.com/forum/#%21forum/django-announce https://lists.debian.org/debian-lts-announce/2023/02/msg00023.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FKYVMMR7RPM6AHJ2SBVM2LO6D3NGFY7B https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK https://lists.fedoraproject • CWE-400: Uncontrolled Resource Consumption •