Debian: >> Debian Linux Security Vulnerabilities
An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.
CVSS Score
9.8
EPSS Score
0.073
Published
2023-08-22
An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-08-22
There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.007
Published
2023-08-22
File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-08-22
A use-after-free exists in Python through 3.9 via heappushpop in heapq.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-08-22
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.
On version 1.16, a malicious SVG could trigger loading external resources by default, causing resource consumption or in some cases even information disclosure. Users are recommended to upgrade to version 1.17 or later.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-08-22
Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.
A malicious SVG can probe user profile / data and send it directly as parameter to a URL.
CVSS Score
4.4
EPSS Score
0.003
Published
2023-08-22
In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-08-22
An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file.
CVSS Score
6.5
EPSS Score
0.0
Published
2023-08-22
A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution.
CVSS Score
6.5
EPSS Score
0.003
Published
2023-08-22