Vulnerabilities > Debian > Debian Linux > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-23 | CVE-2022-48281 | Out-of-bounds Write vulnerability in multiple products processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image. | 5.5 |
| 2023-01-18 | CVE-2022-47950 | Files or Directories Accessible to External Parties vulnerability in multiple products An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. | 6.5 |
| 2023-01-17 | CVE-2022-47929 | NULL Pointer Dereference vulnerability in multiple products In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. | 5.5 |
| 2023-01-14 | CVE-2023-23589 | The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. | 6.5 |
| 2023-01-12 | CVE-2023-23454 | Type Confusion vulnerability in multiple products cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | 5.5 |
| 2023-01-12 | CVE-2023-23455 | Type Confusion vulnerability in multiple products atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | 5.5 |
| 2022-12-30 | CVE-2022-34674 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined behavior or an information leak. | 6.1 |
| 2022-12-30 | CVE-2022-34680 | Incorrect Conversion between Numeric Types vulnerability in multiple products NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service. | 5.5 |
| 2022-12-30 | CVE-2022-42259 | Integer Overflow or Wraparound vulnerability in multiple products NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service. | 5.5 |
| 2022-12-22 | CVE-2022-36354 | Off-by-one Error vulnerability in multiple products A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. | 5.3 |