Artifex Ghostscript vulnerability CVE-2023-43115

Artifex Ghostscript versions prior to 10.02.0 can lead to remote code execution via crafted PostScript documents.

Libcurl/curl vulnerability CVE-2023-38545 and CVE-2023-38546

A heap-based buffer overflow occurs in curl when it is asked to pass the host name to the SOCKS5 proxy to resolve the address.

Artifex Ghostscript vulnerability CVE-2023-36664

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).

X.400 confusion vulnerability CVE-2023-0286

Certain versions of OpenSSL contain a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName.

X.509 Certificate vulnerability CVE-2022-3786 and CVE-2022-3602

A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking.

Apache Commons vulnerability CVE-2022-42889 and CVE-2022-33980

Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded.

OpenSSL Security vulnerability CVE-2022-2068 and CVE-2022-2274

File names of certificates being hashed were possibly passed to a command executed through the shell. Additionally, the RSA implementation causes memory corruption.

Apache Tomcat vulnerability

An application may continue to use the socket after it has been closed.

Spring Security vulnerability

A flaw was found in Spring Security. When using RegexRequestMatcher, it can easily be misconfigured so that it is bypassed on some servlet containers.

Authorization Bypass vulnerability

Authorization Bypass Through User-Controlled Key in the GitHub repository emicklei/go-restful.