PaperCut MF < 20.1.9 / 21.x < 21.2.13 / 22.x < 22.1.3 Multiple Vulnerabilities

The version of PaperCut MF installed on the remote Windows host is affected by multiple vulnerabilities, as follows: - An authentication bypass exists that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut host’s file storage. This could exhaust system...

AZL-28833 CVE-2023-38039 affecting package mysql for versions less than 8.0.35-1

When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of header...

UBUNTU-CVE-2023-1576

REJECT This is a duplicate of an earlier CVE, CVE-2022-47069...

USN-6371-1 libssh2 vulnerability

It was discovered that libssh2 incorrectly handled memory access. An attacker could possibly use this issue to cause a crash...

CVE-2023-39914

NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding...

CVE-2023-38152

DHCP Server Service Information Disclosure Vulnerability...

UBUNTU-CVE-2023-4638

Unknown description...

CVE-2023-39372

StarTrinity Softswitch version 2023-02-16 - Multiple CSRF CWE-352...

BELL-CVE-2018-12543 CVE-2018-12543 does not affect BellSoft software

Bulletin has no description...

UBUNTU-CVE-2023-35394

Azure HDInsight Jupyter Notebook Spoofing Vulnerability...

PT-2025-27626

Name of the Vulnerable Software and Affected Versions Hikvision Integrated Security Management Platform affected versions not specified Description An unauthenticated remote command execution issue exists in the applyCT component of the Hikvision Integrated Security Management Platform. This is d...

CVE-2023-38187

Microsoft Edge Chromium-based Elevation of Privilege Vulnerability...

CVE-2022-29144

Microsoft Edge Chromium-based Elevation of Privilege Vulnerability...

USN-6121-1 nanopb vulnerabilities

It was discovered that Nanopb incorrectly handled certain decode messages. An attacker could possibly use this cause a denial of service or expose sensitive information. CVE-2020-26243 It was discovered that Nanopb incorrectly handled certain decode messages. An attacker could possibly use this...

AZL-26917 CVE-2023-31130 affecting package fluent-bit for versions less than 2.1.10-1

c-ares is an asynchronous resolver library. aresinetnetpton is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to...

PT-2023-35839 · Libredwg · Libredwg

Name of the Vulnerable Software and Affected Versions: LibreDWG affected versions not specified Description: The issue is related to a crash caused by an unknown read. Technical details about the crash include the function names dxf fixup string, dwg dxf DIMENSION ALIGNED private, and dwg dxf...

An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result the memory and CPU usage are high which can lead to a Denial of Service (DoS).

...

AZL-26670 CVE-2023-32573 affecting package qt5-qtsvg for versions less than 5.15.9-1

In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont munitsPerEm initialization is mishandled...

CVE-2023-28306

Windows DNS Server Remote Code Execution Vulnerability...

CVE-2023-28293

Windows Kernel Elevation of Privilege Vulnerability...