Vulnerabilities > Debian
|2023-01-26||CVE-2023-0412|| Improper Resource Shutdown or Release vulnerability in multiple products || A TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allows denial of service via packet injection or a crafted capture file. || 7.1 |
|2023-01-23||CVE-2022-48281|| Out-of-bounds Write vulnerability in multiple products || processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image. || 5.5 |
|2023-01-21||CVE-2023-24038|| The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes. || low complexity; html-stripscripts-project, debian || 7.5 |
|2023-01-20||CVE-2022-48279|| Improper Privilege Management vulnerability in multiple products || In ModSecurity before 2.9.6 and 3.x before 3.0.8, HTTP multipart requests were incorrectly parsed and could bypass the Web Application Firewall. || 7.5 |
|2023-01-20||CVE-2023-24021||Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.|| 7.5 |
|2023-01-18||CVE-2022-47950|| Files or Directories Accessible to External Parties vulnerability in multiple products || An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0. || 6.5 |
|2023-01-18||CVE-2023-22809|| Improper Privilege Management vulnerability in multiple products || In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. || low complexity; sudo-project, debian, fedoraproject; CWE-269 || 7.8 |
|2023-01-17||CVE-2022-47929|| NULL Pointer Dereference vulnerability in multiple products || In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. || 5.5 |
|2023-01-17||CVE-2022-46648|| Code Injection vulnerability in multiple products || ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename into the product. || low complexity; ruby-git-project, debian; CWE-94 || 8.0 |
|2023-01-17||CVE-2022-47318|| ruby-git versions prior to v1.13.0 allow a remote authenticated attacker to execute arbitrary Ruby code by having a user load a repository containing a specially crafted filename into the product. || low complexity; ruby-git-project, debian, fedoraproject || 8.0 |