Skip to main content
CVE-2023-0433 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1225. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-24039 HIGH POC This Week

A stack-based buffer overflow in ParseColors in libXm in Common Desktop Environment 1.6 can be exploited by local low-privileged users via the dtprintinfo setuid binary to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Common Desktop Environment
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-24042 HIGH POC This Week

A race condition in LightFTP through 2.2 allows an attacker to achieve path traversal via a malformed FTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Race Condition Path Traversal Lightftp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-24038 HIGH POC This Week

The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Html Stripscripts Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-24040 HIGH POC This Week

dtprintinfo in Common Desktop Environment 1.6 has a bug in the parser of lpstat (an invoked external command) during listing of the names of available printers. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Common Desktop Environment
NVD GitHub
CVSS 3.1
7.1
EPSS
0.5%
CVE-2023-22884 CRITICAL PATCH Act Now

Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Command Injection Airflow Apache Airflow Providers Mysql
NVD GitHub
CVSS 3.1
9.8
EPSS
11.1%
CVE-2023-22617 HIGH This Week

A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Recursor
NVD
CVSS 3.1
7.5
EPSS
7.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy