Vulnerabilities > Debian
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-22 | CVE-2022-44729 | Server-Side Request Forgery (SSRF) vulnerability in multiple products Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. | 7.1 |
2023-08-22 | CVE-2022-44730 | Server-Side Request Forgery (SSRF) vulnerability in multiple products Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL. | 4.4 |
2023-08-22 | CVE-2022-48554 | Out-of-bounds Read vulnerability in multiple products File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. | 5.5 |
2023-08-22 | CVE-2022-48560 | Use After Free vulnerability in multiple products A use-after-free exists in Python through 3.9 via heappushpop in heapq. | 7.5 |
2023-08-22 | CVE-2022-48565 | XXE vulnerability in multiple products An XML External Entity (XXE) issue was discovered in Python through 3.9.1. | 9.8 |
2023-08-22 | CVE-2022-48566 | Race Condition vulnerability in multiple products An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. | 5.9 |
2023-08-20 | CVE-2023-37369 | In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2, there can be an application crash in QXmlStreamReader via a crafted XML string that triggers a situation in which a prefix is greater than a length. | 7.5 |
2023-08-15 | CVE-2023-4349 | Use After Free vulnerability in multiple products Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2023-08-15 | CVE-2023-4350 | Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 6.5 |
2023-08-15 | CVE-2023-4351 | Use After Free vulnerability in multiple products Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. | 8.8 |