Vulnerabilities > Debian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-06 | CVE-2023-33460 | Memory Leak vulnerability in multiple products There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. | 6.5 |
| 2023-06-01 | CVE-2023-32324 | Out-of-bounds Write vulnerability in multiple products OpenPrinting CUPS is an open source printing system. | 5.5 |
| 2023-05-31 | CVE-2023-34256 | Out-of-bounds Read vulnerability in multiple products An issue was discovered in the Linux kernel before 6.3.3. | 5.5 |
| 2023-05-30 | CVE-2023-2952 | Infinite Loop vulnerability in multiple products XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file | 6.5 |
| 2023-05-30 | CVE-2023-2650 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. | 6.5 |
| 2023-05-26 | CVE-2023-2898 | NULL Pointer Dereference vulnerability in multiple products There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. | 4.7 |
| 2023-05-26 | CVE-2023-28321 | Improper Certificate Validation vulnerability in multiple products An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. | 5.9 |
| 2023-05-26 | CVE-2023-2854 | Out-of-bounds Write vulnerability in multiple products BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file | 6.5 |
| 2023-05-26 | CVE-2023-2855 | Out-of-bounds Write vulnerability in multiple products Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file | 6.5 |
| 2023-05-26 | CVE-2023-2856 | Out-of-bounds Write vulnerability in multiple products VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file | 6.5 |