Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2023-03-21 CVE-2022-42332 Use After Free vulnerability in multiple products
x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode.
local
low complexity
xen debian fedoraproject CWE-416
7.8
2023-03-21 CVE-2022-42333 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
x86/HVM pinned cache attributes mis-handling T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place.
network
low complexity
xen debian fedoraproject CWE-770
8.6
2023-03-01 CVE-2023-25221 Out-of-bounds Write vulnerability in multiple products
Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc.
local
low complexity
struktur debian CWE-787
7.8
2023-02-23 CVE-2023-23916 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms.
network
low complexity
haxx fedoraproject debian CWE-770
7.5
2023-02-22 CVE-2023-26314 The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.
network
low complexity
mono-project debian
8.8
2023-02-15 CVE-2023-0361 Information Exposure Through Discrepancy vulnerability in multiple products
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS.
network
low complexity
gnu redhat debian CWE-203
7.5
2023-02-15 CVE-2023-24580 Resource Exhaustion vulnerability in multiple products
An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7.
network
low complexity
djangoproject debian CWE-400
7.5
2023-02-01 CVE-2023-23969 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing.
network
low complexity
djangoproject debian CWE-770
7.5
2023-01-27 CVE-2020-36658 Improper Certificate Validation vulnerability in multiple products
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.
network
high complexity
lemonldap-ng debian CWE-295
8.1
2023-01-27 CVE-2020-36659 Improper Certificate Validation vulnerability in multiple products
In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.
network
high complexity
lemonldap-ng debian CWE-295
8.1