Vulnerabilities
Vulnerable Software
Debian:  >> Debian Linux  Security Vulnerabilities
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.
CVSS Score
5.9
EPSS Score
0.011
Published
2023-08-22
There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.031
Published
2023-08-22
File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.
CVSS Score
5.5
EPSS Score
0.007
Published
2023-08-22
A use-after-free exists in Python through 3.9 via heappushpop in heapq.
CVSS Score
7.5
EPSS Score
0.018
Published
2023-08-22
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.
CVSS Score
7.1
EPSS Score
0.008
Published
2023-08-22
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16. A malicious SVG can probe user profile / data and send it directly as parameter to a URL.
CVSS Score
4.4
EPSS Score
0.007
Published
2023-08-22
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.
CVSS Score
6.5
EPSS Score
0.009
Published
2023-08-22
An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.
CVSS Score
6.5
EPSS Score
0.01
Published
2023-08-22
A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution.
CVSS Score
6.5
EPSS Score
0.009
Published
2023-08-22
Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.
CVSS Score
5.9
EPSS Score
0.008
Published
2023-08-22


Contact Us

Shodan ® - All rights reserved