Vulnerabilities > Debian
| Date | CVE | Title | Description | Tags | Score |
|---|---|---|---|---|---|
| 2023-01-27 | CVE-2020-36659 | Improper Certificate Validation vulnerability in multiple products | In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. | high complexity, lemonldap-ng, debian, CWE-295 | 8.1 |
| 2023-01-26 | CVE-2022-47951 | Path Traversal vulnerability in multiple products | An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. | | 5.7 |
| 2023-01-26 | CVE-2023-0412 | Improper Resource Shutdown or Release vulnerability in multiple products | TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or crafted capture file | | 7.1 |
| 2023-01-23 | CVE-2022-48281 | Out-of-bounds Write vulnerability in multiple products | processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image. | | 5.5 |
| 2023-01-21 | CVE-2023-24038 | | The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes. | low complexity, html-stripscripts-project, debian | 7.5 |
| 2023-01-20 | CVE-2022-48279 | Improper Privilege Management vulnerability in multiple products | In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. | | 7.5 |
| 2023-01-20 | CVE-2023-24021 | | Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. | | 7.5 |
| 2023-01-18 | CVE-2022-47950 | Files or Directories Accessible to External Parties vulnerability in multiple products | An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. | | 6.5 |
| 2023-01-18 | CVE-2023-22809 | Improper Privilege Management vulnerability in multiple products | In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. | low complexity, sudo-project, debian, fedoraproject, CWE-269 | 7.8 |
| 2023-01-17 | CVE-2022-47929 | NULL Pointer Dereference vulnerability in multiple products | In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. | | 5.5 |