CVE-2023-34872

A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Package apache2-mod_wsgi updated to version 4.9.4-alt0.c10f2.1 for branch c10f2 in task 340167.

Published: 2022-07-18

BDU:2022-05209

Уязвимость модуля mod_wsgi веб-сервера Apache, связанная с ошибками при обработке заголовока X-Client-IP, позволяющая нарушителю получить несанкционированный доступ к сетевым службам

Severity: MEDIUM (5.6) Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

References:

CVE-2022-2255

Published: 2022-08-25
Modified: 2024-11-21

CVE-2022-2255

A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Version: 2.1.0

Branch c10f2 update on 2024-02-14

ALT-BU-2024-2290-1

ALT-PU-2024-1712-4

Closed vulnerabilities

CVE-2023-34872

ALT-PU-2024-2026-2

Closed vulnerabilities

BDU:2022-05209

CVE-2022-2255