Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-06-07 CVE-2023-0668 Out-of-bounds Write vulnerability in multiple products
Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
network
low complexity
wireshark debian CWE-787
6.5
2023-06-06 CVE-2023-33460 Memory Leak vulnerability in multiple products
There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function.
network
low complexity
yajl-project fedoraproject debian CWE-401
6.5
2023-06-01 CVE-2023-32324 Out-of-bounds Write vulnerability in multiple products
OpenPrinting CUPS is an open source printing system.
local
low complexity
openprinting debian CWE-787
5.5
2023-05-31 CVE-2023-34256 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in the Linux kernel before 6.3.3.
local
low complexity
linux suse debian CWE-125
5.5
2023-05-30 CVE-2023-2952 Infinite Loop vulnerability in multiple products
XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file
network
low complexity
wireshark debian CWE-835
6.5
2023-05-30 CVE-2023-34151 Integer Overflow or Wraparound vulnerability in multiple products
A vulnerability was found in ImageMagick.
5.5
2023-05-30 CVE-2023-2650 Allocation of Resources Without Limits or Throttling vulnerability in multiple products
Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit.
network
low complexity
openssl debian CWE-770
6.5
2023-05-26 CVE-2023-2898 NULL Pointer Dereference vulnerability in multiple products
There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel.
local
high complexity
linux debian netapp CWE-476
4.7
2023-05-26 CVE-2023-28321 Improper Certificate Validation vulnerability in multiple products
An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates.
network
high complexity
haxx debian fedoraproject netapp apple CWE-295
5.9
2023-05-26 CVE-2023-2854 Out-of-bounds Write vulnerability in multiple products
BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
network
low complexity
wireshark debian CWE-787
6.5