Vulnerabilities > Debian

DATE CVE VULNERABILITY TITLE RISK
2023-08-22 CVE-2020-23804 Uncontrolled Recursion vulnerability in multiple products
Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input.
network
low complexity
freedesktop debian CWE-674
7.5
7.5
2023-08-22 CVE-2020-35357 Classic Buffer Overflow vulnerability in multiple products
A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6.
network
low complexity
gnu debian CWE-120
6.5
6.5
2023-08-22 CVE-2022-37050 In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing.
network
low complexity
freedesktop debian
6.5
6.5
2023-08-22 CVE-2022-37051 Reachable Assertion vulnerability in multiple products
An issue was discovered in Poppler 22.07.0.
network
low complexity
freedesktop debian CWE-617
6.5
6.5
2023-08-22 CVE-2022-44729 Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure.
local
low complexity
apache debian
7.1
7.1
2023-08-22 CVE-2022-44730 Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL.
local
low complexity
apache debian
4.4
4.4
2023-08-22 CVE-2022-48554 Out-of-bounds Read vulnerability in multiple products
File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c.
local
low complexity
file-project debian CWE-125
5.5
5.5
2023-08-22 CVE-2022-48560 Use After Free vulnerability in multiple products
A use-after-free exists in Python through 3.9 via heappushpop in heapq.
network
low complexity
python debian CWE-416
7.5
7.5
2023-08-22 CVE-2022-48565 XXE vulnerability in multiple products
An XML External Entity (XXE) issue was discovered in Python through 3.9.1.
network
low complexity
python debian CWE-611
critical
 9.8
9.8
2023-08-22 CVE-2022-48566 Race Condition vulnerability in multiple products
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1.
network
high complexity
python debian netapp CWE-362
5.9
5.9