Shodan
Vulnerabilities
Vulnerable Software
Fedoraproject:  >> Fedora  Security Vulnerabilities
CVE-2023-43665
In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.
CVSS Score
7.5
EPSS Score
0.011
Published
2023-11-03
CVE-2023-44271
An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-11-03
CVE-2023-41164
In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.
CVSS Score
7.5
EPSS Score
0.004
Published
2023-11-03
CVE-2023-5849
Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.006
Published
2023-11-01
CVE-2023-5850
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)
CVSS Score
4.3
EPSS Score
0.006
Published
2023-11-01
CVE-2023-5851
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
CVSS Score
4.3
EPSS Score
0.003
Published
2023-11-01
CVE-2023-5852
Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
CVSS Score
8.8
EPSS Score
0.006
Published
2023-11-01
CVE-2023-5853
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
CVSS Score
4.3
EPSS Score
0.004
Published
2023-11-01
CVE-2023-5854
Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
CVSS Score
8.8
EPSS Score
0.006
Published
2023-11-01
CVE-2023-5855
Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
CVSS Score
8.8
EPSS Score
0.006
Published
2023-11-01


Products
Pricing
Contact Us

Shodan ® - All rights reserved