Vulnerabilities > Debian
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-18 | CVE-2023-22809 | Improper Privilege Management vulnerability in multiple products In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. | 7.8 |
| 2023-01-17 | CVE-2022-47929 | NULL Pointer Dereference vulnerability in multiple products In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. | 5.5 |
| 2023-01-17 | CVE-2022-46648 | Code Injection vulnerability in multiple products ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. | 8.0 |
| 2023-01-17 | CVE-2022-47318 | ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product. | 8.0 |
| 2023-01-14 | CVE-2023-23589 | The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. | 6.5 |
| 2023-01-13 | CVE-2023-23559 | Integer Overflow or Wraparound vulnerability in multiple products In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. | 7.8 |
| 2023-01-12 | CVE-2023-23454 | Type Confusion vulnerability in multiple products cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | 5.5 |
| 2023-01-12 | CVE-2023-23455 | Type Confusion vulnerability in multiple products atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | 5.5 |
| 2023-01-10 | CVE-2022-4337 | An out-of-bounds read in Organization Specific TLV was found in various versions of OpenvSwitch. | 9.8 |
| 2023-01-10 | CVE-2022-4338 | An integer underflow in Organization Specific TLV was found in various versions of OpenvSwitch. | 9.8 |