Month: August 2023

An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. Continue reading CVE-2022-48566 (python)→

An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. Continue reading CVE-2022-48565 (python)→

memcached 1.6.7 allows a Denial of Service via multi-packet uploads in UDP. Continue reading CVE-2022-48571 (memcached)→

Crypto++ through 8.4 contains a timing side channel in ECDSA signature generation. Function FixedSizeAllocatorWithCleanup could write to memory outside of the allocation if the allocated memory was not 16-byte aligned. NOTE: this issue exists because t… Continue reading CVE-2022-48570 (crypto++)→

An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to execute commands. Continue reading CVE-2023-23564 (isigeo_web)→

An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to obtain sensitive database content via SQL Injection. Continue reading CVE-2023-23563 (isigeo_web)→

An issue was discovered in Geomatika IsiGeo Web 6.0. It allows remote authenticated users to retrieve PHP files from the server via Local File Inclusion. Continue reading CVE-2023-23565 (isigeo_web)→

A use-after-free exists in Python through 3.9 via heappushpop in heapq. Continue reading CVE-2022-48560 (debian_linux, python)→

In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation. Continue reading CVE-2022-48522 (perl)→

There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. Continue reading CVE-2022-48174 (busybox)→