Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2023-03-10 CVE-2023-27530 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to cause multipart parsing to take longer than expected.
network
low complexity
rack-project debian CWE-770
7.5
2023-03-07 CVE-2023-27522 HTTP Request Smuggling vulnerability in multiple products
HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi.
network
low complexity
apache debian unbit CWE-444
7.5
2023-03-06 CVE-2023-1161 ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark debian
7.1
2023-03-05 CVE-2023-27635 Injection vulnerability in Debian Debmany 0.88.1
debmany in debian-goodies 0.88.1 allows attackers to execute arbitrary shell commands (because of an eval call) via a crafted .deb file.
local
low complexity
debian CWE-74
7.8
2023-03-03 CVE-2023-27561 Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products
runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go.
local
high complexity
linuxfoundation redhat debian CWE-706
7.0
2023-03-01 CVE-2023-25221 Out-of-bounds Write vulnerability in multiple products
Libde265 v1.0.10 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function in motion.cc.
local
low complexity
struktur debian CWE-787
7.8
2023-02-22 CVE-2023-26314 The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.
network
low complexity
mono-project debian
8.8
2023-02-20 CVE-2023-24998 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. Note that, like all of the file upload limits, the new configuration option (FileUploadBase#setFileCountMax) is not enabled by default and must be explicitly configured.
network
low complexity
apache debian CWE-770
7.5
2023-02-15 CVE-2023-0361 Information Exposure Through Discrepancy vulnerability in multiple products
A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS.
network
high complexity
gnu redhat debian fedoraproject netapp CWE-203
7.4
2023-02-15 CVE-2023-24580 Resource Exhaustion vulnerability in multiple products
An issue was discovered in the Multipart Request Parser in Django 3.2 before 3.2.18, 4.0 before 4.0.10, and 4.1 before 4.1.7.
network
low complexity
djangoproject debian CWE-400
7.5