Artifex Ghostscript vulnerability CVE-2023-43115

Artifex Ghostscript versions prior to 10.02.0 can lead to remote code execution via crafted PostScript documents.

Libcurl/curl vulnerability CVE-2023-38545 and CVE-2023-38546

curl has a heap-based buffer overflow when asked to pass the host name to the SOCKS5 proxy to resolve the address.

Artifex Ghostscript vulnerability CVE-2023-36664

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

X.400 confusion vulnerability CVE-2023-0286

Certain versions of OpenSSL contain a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName.

X.509 Certificate vulnerability CVE-2022-3786 and CVE-2022-3602

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking.

Apache Commons vulnerability CVE-2022-42889 and CVE-2022-33980

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded.

OpenSSL Security vulnerability CVE-2022-2068 and CVE-2022-2274

File names of certificates being hashed were possibly passed to a command executed through the shell. Additionally, a flaw in the RSA implementation causes memory corruption.

Apache Tomcat vulnerability CVE-2022-25762

An application may continue to use the socket after it has been closed.

Spring Security vulnerability CVE-2022-22978

A flaw was found in Spring Security. When using RegexRequestMatcher, an easy misconfiguration can bypass some servlet containers.

Authorization Bypass vulnerability CVE-2022-1996

Authorization bypass through a user-controlled key in the GitHub repository emicklei/go-restful.