Vulnerabilities > Debian > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-05 | CVE-2023-27635 | Injection vulnerability in Debian Debmany 0.88.1 debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands (because of an eval call) via a crafted .deb file. | 7.8 |
2023-03-01 | CVE-2023-25221 | Out-of-bounds Write vulnerability in multiple products Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc. | 7.8 |
2023-02-23 | CVE-2023-23916 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. | 7.5 |
2023-02-22 | CVE-2023-26314 | The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. | 8.8 |
2023-02-15 | CVE-2023-0361 | Information Exposure Through Discrepancy vulnerability in multiple products A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. | 7.5 |
2023-02-15 | CVE-2023-24580 | Resource Exhaustion vulnerability in multiple products An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7. | 7.5 |
2023-02-01 | CVE-2023-23969 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. | 7.5 |
2023-01-27 | CVE-2020-36658 | Improper Certificate Validation vulnerability in multiple products In Apache::Session::LDAP before 0.5, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. | 8.1 |
2023-01-27 | CVE-2020-36659 | Improper Certificate Validation vulnerability in multiple products In Apache::Session::Browseable before 1.3.6, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. | 8.1 |
2023-01-26 | CVE-2023-0412 | Improper Resource Shutdown or Release vulnerability in multiple products TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file | 7.1 |