Vulnerabilities > Debian > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-01-26 CVE-2022-47951 Path Traversal vulnerability in multiple products
An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0.
network
low complexity
openstack debian CWE-22
5.7
2023-01-23 CVE-2022-48281 Out-of-bounds Write vulnerability in multiple products
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image.
local
low complexity
libtiff debian CWE-787
5.5
2023-01-18 CVE-2022-47950 Files or Directories Accessible to External Parties vulnerability in multiple products
An issue was discovered in OpenStack Swift before 2.28.1, 2.29.x before 2.29.2, and 2.30.0.
network
low complexity
openstack debian CWE-552
6.5
2023-01-17 CVE-2022-47929 NULL Pointer Dereference vulnerability in multiple products
In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands.
local
low complexity
linux debian CWE-476
5.5
2023-01-14 CVE-2023-23589 The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002.
network
low complexity
torproject debian fedoraproject
6.5
2023-01-12 CVE-2023-23454 Type Confusion vulnerability in multiple products
cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
local
low complexity
linux debian CWE-843
5.5
2023-01-12 CVE-2023-23455 Type Confusion vulnerability in multiple products
atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results).
local
low complexity
linux debian CWE-843
5.5
2022-12-30 CVE-2022-34674 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined behavior or an information leak.
local
low complexity
nvidia debian
6.1
2022-12-30 CVE-2022-34680 Incorrect Conversion between Numeric Types vulnerability in multiple products
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service.
local
low complexity
nvidia debian CWE-681
5.5
2022-12-30 CVE-2022-42259 Integer Overflow or Wraparound vulnerability in multiple products
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service.
local
low complexity
nvidia debian CWE-190
5.5