Vulnerabilities > Debian > High

DATE CVE VULNERABILITY TITLE RISK
2023-01-20 CVE-2023-24021 Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection.
network
low complexity
trustwave debian
7.5
2023-01-18 CVE-2023-22809 Improper Privilege Management vulnerability in multiple products
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process.
7.8
2023-01-17 CVE-2022-46648 Code Injection vulnerability in multiple products
ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product.
network
low complexity
ruby-git-project debian CWE-94
8.0
2023-01-17 CVE-2022-47318 ruby-git versions prior to v1.13.0 allows a remote authenticated attacker to execute an arbitrary ruby code by having a user to load a repository containing a specially crafted filename to the product.
network
low complexity
ruby-git-project debian fedoraproject
8.0
2023-01-13 CVE-2023-23559 Integer Overflow or Wraparound vulnerability in multiple products
In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.
local
low complexity
linux netapp debian CWE-190
7.8
2023-01-09 CVE-2022-2196 Insecure Default Initialization of Resource vulnerability in multiple products
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1.
local
low complexity
linux debian CWE-1188
8.8
2023-01-05 CVE-2022-47655 Out-of-bounds Write vulnerability in multiple products
Libde265 1.0.9 is vulnerable to Buffer Overflow in function void put_qpel_fallback<unsigned short>
local
low complexity
struktur debian CWE-787
7.8
2022-12-30 CVE-2022-34670 Incorrect Conversion between Numeric Types vulnerability in multiple products
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure.
local
low complexity
nvidia debian CWE-681
7.8
2022-12-30 CVE-2022-34677 Incorrect Conversion between Numeric Types vulnerability in multiple products
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of service or data tampering.
local
low complexity
nvidia debian CWE-681
7.1
2022-12-30 CVE-2022-42257 Integer Overflow or Wraparound vulnerability in multiple products
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service.
local
low complexity
nvidia debian CWE-190
7.3