Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2023-03-24 CVE-2023-28686 Authorization Bypass Through User-Controlled Key vulnerability in multiple products
Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message.
network
low complexity
dino fedoraproject debian CWE-639
7.1
2023-03-21 CVE-2022-42332 Use After Free vulnerability in multiple products
x86 shadow plus log-dirty mode use-after-free. In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so-called shadow mode.
local
low complexity
xen debian fedoraproject CWE-416
7.8
2023-03-21 CVE-2022-42333 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
x86/HVM pinned cache attributes mis-handling. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To allow cachability control for HVM guests with passed through devices, an interface exists to explicitly override defaults which would otherwise be put in place.
network
low complexity
xen debian fedoraproject CWE-770
8.6
2023-03-16 CVE-2023-28466 NULL Pointer Dereference vulnerability in multiple products
do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).
local
high complexity
linux netapp debian CWE-476
7.0
2023-03-10 CVE-2023-27530 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within the Multipart MIME parsing code, which could allow an attacker to craft requests that can be abused to cause multipart parsing to take longer than expected.
network
low complexity
rack-project debian CWE-770
7.5
2023-03-07 CVE-2023-27522 HTTP Request Smuggling vulnerability in multiple products
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi.
network
low complexity
apache debian unbit CWE-444
7.5
2023-03-06 CVE-2023-1161 ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark debian
7.1
2023-03-05 CVE-2023-27635 Injection vulnerability in Debian Debmany 0.88.1
debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands (because of an eval call) via a crafted .deb file.
local
low complexity
debian CWE-74
7.8
2023-03-03 CVE-2023-27561 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go.
local
high complexity
linuxfoundation redhat debian CWE-706
7.0
2023-03-01 CVE-2023-25221 Out-of-bounds Write vulnerability in multiple products
Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc.
local
low complexity
struktur debian CWE-787
7.8