
NOTICE

Keyword and keyword exact match searches have been re-enabled. Clarifications on how keyword search operates can be found in the documentation for keyword parameters. For questions and concerns you can contact nvd@nist.gov.


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2023-33850 - IBM GSKit-Crypto could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. By sending an overly large number of trial messages for decryption, an attacker could expl...
    Published: August 22, 2023; 5:15:07 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2023-38666 - Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4encrypt.
    Published: August 22, 2023; 3:16:39 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2023-38667 - Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service.
    Published: August 22, 2023; 3:16:39 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2023-38668 - Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash).
    Published: August 22, 2023; 3:16:39 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2023-38996 - An issue in all versions of Douran DSGate allows a local authenticated privileged attacker to execute arbitrary code via the debug command.
    Published: August 22, 2023; 3:16:39 PM -0400

    V3.1: 6.7 MEDIUM

  • CVE-2023-39141 - webui-aria2 commit 4fe2e was discovered to contain a path traversal vulnerability.
    Published: August 22, 2023; 3:16:39 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2023-39599 - Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter.
    Published: August 22, 2023; 3:16:39 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2022-48522 - In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.
    Published: August 22, 2023; 3:16:31 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2022-48174 - There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.
    Published: August 22, 2023; 3:16:31 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2022-47022 - An issue was discovered in open-mpi hwloc 2.1.0 that allows attackers to cause a denial of service or other unspecified impacts via glibc-cpuset in topology-linux.c.
    Published: August 22, 2023; 3:16:30 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2022-37050 - In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c allows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vul...
    Published: August 22, 2023; 3:16:23 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2022-38349 - An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, which will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file.
    Published: August 22, 2023; 3:16:23 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2022-44215 - There is an open redirect vulnerability in Titan FTP server 19.0 and below. Users are redirected to any target URL.
    Published: August 22, 2023; 3:16:29 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2021-46310 - An issue was discovered in IW44Image.cpp in djvulibre 3.5.28 that allows attackers to cause a denial of service via divide by zero.
    Published: August 22, 2023; 3:16:21 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2021-46312 - An issue was discovered in IW44EncodeCodec.cpp in djvulibre 3.5.28 that allows attackers to cause a denial of service via divide by zero.
    Published: August 22, 2023; 3:16:21 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2021-40263 - A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.
    Published: August 22, 2023; 3:16:21 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2021-35309 - An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks.
    Published: August 22, 2023; 3:16:21 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2021-34193 - Stack overflow vulnerability in OpenSC smart card middleware before 0.23 via crafted responses to APDUs.
    Published: August 22, 2023; 3:16:20 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2020-26683 - A memory leak issue discovered in /pdf/pdf-font-add.c in Artifex Software MuPDF 1.17.0 allows attackers to obtain sensitive information.
    Published: August 22, 2023; 3:16:19 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2020-21583 - An issue was discovered in hwclock.13-v2.27 that allows attackers to gain escalated privileges or execute arbitrary commands via the path parameter when setting the date.
    Published: August 22, 2023; 3:16:13 PM -0400

    V3.1: 6.7 MEDIUM