| 2023-02-21 | CVE-2023-23009 | Resource Exhaustion vulnerability in multiple products
Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length. | 6.5 |
| 2023-02-20 | CVE-2022-48337 | OS Command Injection vulnerability in multiple products
GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. | 9.8 |
| 2023-02-20 | CVE-2023-24998 | Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured. | 7.5 |
| 2023-02-15 | CVE-2023-0361 | Information Exposure Through Discrepancy vulnerability in multiple products
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. | 7.4 |
| 2023-02-15 | CVE-2023-24580 | Resource Exhaustion vulnerability in multiple products
An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. | 7.5 |
| 2023-02-14 | CVE-2023-25725 | HAProxy before 2.7.3 may allow a bypass of access control because HTTP/1 headers are inadvertently lost in some situations, aka "request smuggling." The HTTP header parsers in HAProxy may accept empty header field names, which could be used to truncate the list of HTTP headers and thus make some headers disappear after being parsed and processed for HTTP/1.0 and HTTP/1.1. | 9.1 |
| 2023-02-09 | CVE-2023-0770 | Out-of-bounds Write vulnerability in multiple products
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2. | 7.8 |
| 2023-02-09 | CVE-2023-22795 | A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header. | 7.5 |
| 2023-02-01 | CVE-2023-23969 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. | 7.5 |
| 2023-01-27 | CVE-2020-36658 | Improper Certificate Validation vulnerability in multiple products
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. | 8.1 |