How severe is CVE-2023-33185?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.4 out of 10.

What type of vulnerability is CVE-2023-33185?

This is classified as CWE-347, which is a common weakness in software security.

CVE-2023-33185

MEDIUM Year: 2023

CVSS v3 Score

5.4

Medium

Weakness Type

CWE-347

View all →

Vulnerability Description

Django-SES is a drop-in mail backend for Django. The django_ses library implements a mail backend for Django using AWS Simple Email Service. The library exports the `SESEventWebhookView class` intended to receive signed requests from AWS to handle email bounces, subscriptions, etc. These requests are signed by AWS and are verified by django_ses, however the verification of this signature was found to be flawed as it allowed users to specify arbitrary public certificates. This issue was patched in version 3.5.0.

CVE-2024-11696

MEDIUM

CVSS:5.4(Medium)

The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest,...

CWE-3472024

CVE-2024-37886

MEDIUM

CVSS:5.4(Medium)

user_oidc app is an OpenID Connect user backend for Nextcloud. An attacker could potentially trick the app into accepting a request that is not signed by the correct server. It is recommended that the...

CWE-3472024

CVE-2018-10407

MEDIUM

CVSS:5.5(Medium)

An issue was discovered in Carbon Black Cb Response. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary...

CWE-3472018

CVE-2020-1464

MEDIUM

CVSS:5.5(Medium)

A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed ...

CWE-3472020

CVE-2020-16922

MEDIUM

CVSS:5.5(Medium)

<p>A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly sign...

CWE-3472020

CVE-2020-8324

MEDIUM

CVSS:5.5(Medium)

A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation prior to version 1.2.184.31 that could allow unsigned DLL files to be executed.

CWE-3472020

CVE-2023-33185

Vulnerability Description

Related Vulnerabilities

CVE-2024-11696

CVE-2024-37886

CVE-2018-10407

CVE-2020-1464

CVE-2020-16922

CVE-2020-8324