Vulnerabilities > Debian > Debian Linux > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-05-30 CVE-2023-2650 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit.
network
low complexity
openssl debian CWE-770
6.5
6.5
2023-05-26 CVE-2023-2898 NULL Pointer Dereference vulnerability in multiple products
There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel.
local
high complexity
linux debian netapp CWE-476
4.7
4.7
2023-05-26 CVE-2023-28321 Improper Certificate Validation vulnerability in multiple products
An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates.
network
high complexity
haxx debian fedoraproject netapp apple CWE-295
5.9
5.9
2023-05-26 CVE-2023-2854 Out-of-bounds Write vulnerability in multiple products
BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
network
low complexity
wireshark debian CWE-787
6.5
6.5
2023-05-26 CVE-2023-2855 Out-of-bounds Write vulnerability in multiple products
Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
network
low complexity
wireshark debian CWE-787
6.5
6.5
2023-05-26 CVE-2023-2856 Out-of-bounds Write vulnerability in multiple products
VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
network
low complexity
wireshark debian CWE-787
6.5
6.5
2023-05-26 CVE-2023-2857 Out-of-bounds Write vulnerability in multiple products
BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
network
low complexity
wireshark debian CWE-787
6.5
6.5
2023-05-26 CVE-2023-2858 Out-of-bounds Write vulnerability in multiple products
NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
network
low complexity
wireshark debian CWE-787
6.5
6.5
2023-05-26 CVE-2023-1667 NULL Pointer Dereference vulnerability in multiple products
A NULL pointer dereference was found In libssh during re-keying with algorithm guessing.
network
low complexity
libssh fedoraproject debian redhat CWE-476
6.5
6.5
2023-05-26 CVE-2023-2002 Incorrect Authorization vulnerability in multiple products
A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel.
low complexity
linux debian CWE-863
6.8
6.8