Vulnerabilities > Debian > Debian Linux > High

DATE CVE VULNERABILITY TITLE RISK
2023-02-20 CVE-2023-24998 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.
network
low complexity
apache debian CWE-770
7.5
2023-02-15 CVE-2023-0361 Information Exposure Through Discrepancy vulnerability in multiple products
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS.
network
high complexity
gnu redhat debian fedoraproject netapp CWE-203
7.4
2023-02-15 CVE-2023-24580 Resource Exhaustion vulnerability in multiple products
An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7.
network
low complexity
djangoproject debian CWE-400
7.5
2023-02-09 CVE-2023-0770 Out-of-bounds Write vulnerability in multiple products
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.
local
low complexity
gpac debian CWE-787
7.8
2023-02-09 CVE-2023-22795 A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-None-Match header.
network
low complexity
rubyonrails debian
7.5
2023-02-01 CVE-2023-23969 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing.
network
low complexity
djangoproject debian CWE-770
7.5
2023-01-27 CVE-2020-36658 Improper Certificate Validation vulnerability in multiple products
In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.
network
high complexity
lemonldap-ng debian CWE-295
8.1
2023-01-27 CVE-2020-36659 Improper Certificate Validation vulnerability in multiple products
In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.
network
high complexity
lemonldap-ng debian CWE-295
8.1
2023-01-26 CVE-2023-0412 Improper Resource Shutdown or Release vulnerability in multiple products
TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark debian CWE-404
7.1
2023-01-21 CVE-2023-24038 The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes.
network
low complexity
html-stripscripts-project debian
7.5