|
211
|
9.8
-
|
CRITICAL
Network
|
A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style di…
|
CWE-843
Type Confusion
|
CVE-2023-42464
|
cpe:2.3:o:debian:debian_linux:11.0:* cpe:2.3:o:debian:debian_linux:10.0:*
|
|
|
|
|
2024-11-21 17:22
2023-09-21
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
212
|
9.8
-
|
CRITICAL
Network
|
paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar …
|
CWE-91
Blind XPath Injection
|
CVE-2019-19450
|
cpe:2.3:o:debian:debian_linux:10.0:*
|
|
|
|
|
2024-11-21 13:34
2023-09-20
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
213
|
7.5
-
|
HIGH
Network
|
A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused …
|
CWE-617
Reachable Assertion
|
CVE-2023-4236
|
cpe:2.3:o:debian:debian_linux:11.0:* cpe:2.3:o:debian:debian_linux:10.0:*
|
|
|
|
|
2024-11-21 17:34
2023-09-20
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
214
|
7.5
-
|
HIGH
Network
|
The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depend…
|
CWE-787
Out-of-bounds Write
|
CVE-2023-3341
|
cpe:2.3:o:debian:debian_linux:11.0:* cpe:2.3:o:debian:debian_linux:10.0:*
|
|
|
|
|
2024-11-21 17:17
2023-09-20
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
215
|
4.3
-
|
MEDIUM
Network
|
Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nes…
|
CWE-287
Improper Authentication
|
CVE-2023-41900
|
cpe:2.3:o:debian:debian_linux:12.0:* cpe:2.3:o:debian:debian_linux:11.0:*
|
|
|
|
|
2024-11-21 17:21
2023-09-16
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
216
|
5.3
-
|
MEDIUM
Network
|
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header fie…
|
-
|
CVE-2023-40167
|
cpe:2.3:o:debian:debian_linux:12.0:* cpe:2.3:o:debian:debian_linux:11.0:* cpe:2.3:o:debian:debian_linux:10.0:*
|
|
|
|
|
2024-11-21 17:18
2023-09-16
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
217
|
4.3
-
|
MEDIUM
Network
|
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sen…
|
-
|
CVE-2023-36479
|
cpe:2.3:o:debian:debian_linux:12.0:* cpe:2.3:o:debian:debian_linux:11.0:* cpe:2.3:o:debian:debian_linux:10.0:*
|
|
|
|
|
2024-11-21 17:09
2023-09-16
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
218
|
4.3
-
|
MEDIUM
Network
|
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security s…
|
NVD-CWE-noinfo
|
CVE-2023-4900
|
cpe:2.3:o:debian:debian_linux:12.0:* cpe:2.3:o:debian:debian_linux:11.0:*
|
|
|
|
|
2024-11-21 17:36
2023-09-13
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
219
|
4.3
-
|
MEDIUM
Network
|
Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)
|
NVD-CWE-noinfo
|
CVE-2023-4909
|
cpe:2.3:o:debian:debian_linux:12.0:* cpe:2.3:o:debian:debian_linux:11.0:*
|
|
|
|
|
2024-11-21 17:36
2023-09-13
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
220
|
4.3
-
|
MEDIUM
Network
|
Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)
|
NVD-CWE-noinfo
|
CVE-2023-4908
|
cpe:2.3:o:debian:debian_linux:12.0:* cpe:2.3:o:debian:debian_linux:11.0:*
|
|
|
|
|
2024-11-21 17:36
2023-09-13
|
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|