Page 98 of 8866 results (0.011 seconds)

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1

CVE-2023-0770 – Stack-based Buffer Overflow in gpac/gpac

https://notcve.org/view.php?id=CVE-2023-0770

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2. • https://github.com/gpac/gpac/commit/c31941822ee275a35bc148382bafef1c53ec1c26 https://huntr.dev/bounties/e0fdeee5-7909-446e-9bd0-db80fd80e8dd https://www.debian.org/security/2023/dsa-5411 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 1%CPEs: 4EXPL: 0

CVE-2023-23969 – python-django: Potential denial-of-service via Accept-Language headers

https://notcve.org/view.php?id=CVE-2023-23969

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial-of-service vector via excessive memory usage if the raw value of Accept-Language headers is very large. A flaw was found in python-django. The parsed values of the Accept-Language headers are cached in order to avoid repetitive parsing. This leads to a potential denial of service vector via excessive memory usage if large header values are sent. • https://docs.djangoproject.com/en/4.1/releases/security https://groups.google.com/forum/#%21forum/django-announce https://lists.debian.org/debian-lts-announce/2023/02/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HWY6DQWRVBALV73BPUVBXC3QIYUM24IK https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LTZVAKU5ALQWOKFTPISE257VCVIYGFQI https://security.netapp.com/advisory/ntap-20230302-0007 https://www.djangoproject.com/weblog& • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-36659

https://notcve.org/view.php?id=CVE-2020-36659

In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix. En Apache::Session::Browseable anterior a 1.3.6, la validez del certificado X.509 no se verifica de forma predeterminada cuando se conecta a backends LDAP remotos, porque se usa la configuración predeterminada del módulo Net::LDAPS para Perl. NOTA: esto se puede solucionar, por ejemplo, junto con la corrección CVE-2020-16093. • https://github.com/LemonLDAPNG/Apache-Session-Browseable/commit/fdf393235140b293cae5578ef136055a78f3574f https://lists.debian.org/debian-lts-announce/2023/01/msg00025.html • CWE-295: Improper Certificate Validation •

CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2020-36658

https://notcve.org/view.php?id=CVE-2020-36658

In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. NOTE: this can, for example, be fixed in conjunction with the CVE-2020-16093 fix. En Apache::Session::LDAP anterior a 0.5, la validez del certificado X.509 no se verifica de forma predeterminada cuando se conecta a backends LDAP remotos, porque se usa la configuración predeterminada del módulo Net::LDAPS para Perl. NOTA: esto se puede solucionar, por ejemplo, junto con la corrección CVE-2020-16093. • https://github.com/LemonLDAPNG/Apache-Session-LDAP/commit/490722b71eed1ed1ab33d58c78578f23e043561f https://lists.debian.org/debian-lts-announce/2023/01/msg00024.html • CWE-295: Improper Certificate Validation •

CVSS: 7.7EPSS: 0%CPEs: 8EXPL: 1

CVE-2022-47951 – openstack: Arbitrary file access through custom VMDK flat descriptor

https://notcve.org/view.php?id=CVE-2022-47951

An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. Se descubrió un problema en OpenStack Cinder antes de 19.1.2, 20.x antes de 20.0.2 y 21.0.0; Vistazo antes de 23.0.1, 24.x antes de 24.1.1 y 25.0.0; y Nova antes de 24.1.2, 25.x antes de 25.0.2 y 26.0.0. Al proporcionar una imagen plana VMDK especialmente creada que hace referencia a una ruta de archivo de respaldo específica, un usuario autenticado puede convencer a los sistemas para que devuelvan una copia del contenido de ese archivo desde el servidor, lo que resulta en un acceso no autorizado a datos potencialmente confidenciales. A flaw was found in OpenStack-nova, Openstack-glance, and Openstack-cinder. • https://launchpad.net/bugs/1996188 https://lists.debian.org/debian-lts-announce/2023/01/msg00040.html https://lists.debian.org/debian-lts-announce/2023/01/msg00041.html https://lists.debian.org/debian-lts-announce/2023/01/msg00042.html https://security.openstack.org/ossa/OSSA-2023-002.html https://www.debian.org/security/2023/dsa-5336 https://www.debian.org/security/2023/dsa-5337 https://www.debian.org/security/2023/dsa-5338 https://access.redhat.com/security/cve/CVE • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-552: Files or Directories Accessible to External Parties •