Debian Linux Operating System
Products by Debian Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2023 there have been 412 vulnerabilities in Debian with an average score of 7.1 out of ten. Last year Debian had 949 security vulnerabilities published. Right now, Debian is on track to have less security vulnerabilities in 2023 than it did last year. Last year, the average CVE base score was greater by 0.17
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 412 | 7.09 |
2022 | 949 | 7.26 |
2021 | 1073 | 7.24 |
2020 | 1040 | 6.78 |
2019 | 995 | 7.25 |
2018 | 1133 | 7.31 |
It may take a day or so for new Debian vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Debian Security Vulnerabilities
Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199
CVE-2023-6348
8.8 - High
- November 29, 2023
Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Object Type Confusion
Use after free in libavif in Google Chrome prior to 119.0.6045.199
CVE-2023-6351
8.8 - High
- November 29, 2023
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)
Dangling pointer
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199
CVE-2023-6345
9.6 - Critical
- November 29, 2023
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
Integer Overflow or Wraparound
Use after free in WebAudio in Google Chrome prior to 119.0.6045.199
CVE-2023-6346
8.8 - High
- November 29, 2023
Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in Mojo in Google Chrome prior to 119.0.6045.199
CVE-2023-6347
8.8 - High
- November 29, 2023
Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Use after free in libavif in Google Chrome prior to 119.0.6045.199
CVE-2023-6350
8.8 - High
- November 29, 2023
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)
Dangling pointer
Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4
CVE-2023-6212
8.8 - High
- November 21, 2023
Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Memory Corruption
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/
CVE-2023-6209
6.5 - Medium
- November 21, 2023
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Directory traversal
When using X11
CVE-2023-6208
8.8 - High
- November 21, 2023
When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120
CVE-2023-6207
8.8 - High
- November 21, 2023
Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Dangling pointer
The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts
CVE-2023-6206
5.4 - Medium
- November 21, 2023
The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Clickjacking
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash
CVE-2023-6205
6.5 - Medium
- November 21, 2023
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Dangling pointer
On some systemsdepending on the graphics settings and driversit was possible to force an out-of-bounds read and leak memory data into the images created on the
CVE-2023-6204
6.5 - Medium
- November 21, 2023
On some systemsdepending on the graphics settings and driversit was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Out-of-bounds Read
SSH dissector crash in Wireshark 4.0.0 to 4.0.10
CVE-2023-6174
6.5 - Medium
- November 16, 2023
SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file
Injection
Use after free in Navigation in Google Chrome prior to 119.0.6045.159
CVE-2023-6112
8.8 - High
- November 15, 2023
Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may
CVE-2023-23583
7.8 - High
- November 14, 2023
Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.
Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6
CVE-2023-46849
7.5 - High
- November 11, 2023
Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.
Divide By Zero
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir
CVE-2023-46850
9.8 - Critical
- November 11, 2023
Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.
Dangling pointer
Use after free in WebAudio in Google Chrome prior to 119.0.6045.123
CVE-2023-5996
8.8 - High
- November 08, 2023
Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105
CVE-2023-5859
4.3 - Medium
- November 01, 2023
Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low)
Origin Validation Error
Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105
CVE-2023-5858
4.3 - Medium
- November 01, 2023
Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)
Origin Validation Error
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105
CVE-2023-5857
8.8 - High
- November 01, 2023
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium)
Use after free in Side Panel in Google Chrome prior to 119.0.6045.105
CVE-2023-5856
8.8 - High
- November 01, 2023
Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105
CVE-2023-5855
8.8 - High
- November 01, 2023
Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
Dangling pointer
Use after free in Profiles in Google Chrome prior to 119.0.6045.105
CVE-2023-5854
8.8 - High
- November 01, 2023
Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
Dangling pointer
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105
CVE-2023-5853
4.3 - Medium
- November 01, 2023
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
Origin Validation Error
Use after free in Printing in Google Chrome prior to 119.0.6045.105
CVE-2023-5852
8.8 - High
- November 01, 2023
Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
Dangling pointer
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105
CVE-2023-5851
4.3 - Medium
- November 01, 2023
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)
Origin Validation Error
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105
CVE-2023-5850
4.3 - Medium
- November 01, 2023
Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)
Integer overflow in USB in Google Chrome prior to 119.0.6045.105
CVE-2023-5849
8.8 - High
- November 01, 2023
Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Integer Overflow or Wraparound
Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105
CVE-2023-5482
8.8 - High
- November 01, 2023
Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Insufficient Verification of Data Authenticity
Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105
CVE-2023-5480
6.1 - Medium
- November 01, 2023
Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High)
XSS
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper
CVE-2023-34059
7 - High
- October 27, 2023
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.
VMware Tools contains a SAML token signature bypass vulnerability
CVE-2023-34058
7.5 - High
- October 27, 2023
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
Improper Verification of Cryptographic Signature
browserify-sign is a package to duplicate the functionality of node's crypto public key functions
CVE-2023-46234
7.5 - High
- October 26, 2023
browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.
Improper Verification of Cryptographic Signature
A use-after-free flaw was found in the xorg-x11-server
CVE-2023-5380
4.7 - Medium
- October 25, 2023
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.
Dangling pointer
A out-of-bounds write flaw was found in the xorg-x11-server
CVE-2023-5367
7.8 - High
- October 25, 2023
A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.
Memory Corruption
An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited
CVE-2023-5732
6.5 - Medium
- October 25, 2023
An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3
CVE-2023-5730
9.8 - Critical
- October 25, 2023
Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Memory Corruption
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay
CVE-2023-5721
4.3 - Medium
- October 25, 2023
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Clickjacking
Use after free in Profiles in Google Chrome prior to 118.0.5993.117
CVE-2023-5472
8.8 - High
- October 25, 2023
Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3
CVE-2023-46316
5.5 - Medium
- October 25, 2023
In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines.
During garbage collection extra operations were performed on a object that should not be
CVE-2023-5728
7.5 - High
- October 25, 2023
During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
A malicious installed WebExtension could open arbitrary URLs
CVE-2023-5725
4.3 - Medium
- October 25, 2023
A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash
CVE-2023-5724
7.5 - High
- October 25, 2023
Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1.
Issue summary: A bug has been identified in the processing of key and
initialisation vector (IV) lengths
CVE-2023-5363
7.5 - High
- October 25, 2023
Issue summary: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers. Impact summary: A truncation in the IV can result in non-uniqueness, which could result in loss of confidentiality for some cipher modes. When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after the key and IV have been established. Any alterations to the key length, via the "keylen" parameter or the IV length, via the "ivlen" parameter, within the OSSL_PARAM array will not take effect as intended, potentially causing truncation or overreading of these values. The following ciphers and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB. For the CCM, GCM and OCB cipher modes, truncation of the IV can result in loss of confidentiality. For example, when following NIST's SP 800-38D section 8.2.1 guidance for constructing a deterministic IV for AES in GCM mode, truncation of the counter portion could lead to IV reuse. Both truncations and overruns of the key and overruns of the IV will produce incorrect results and could, in some cases, trigger a memory exception. However, these issues are not currently assessed as security critical. Changing the key and/or IV lengths is not considered to be a common operation and the vulnerable API was recently introduced. Furthermore it is likely that application developers will have spotted this problem during testing since decryption would fail unless both peers in the communication were similarly vulnerable. For these reasons we expect the probability of an application being vulnerable to this to be quite low. However if an application is vulnerable then this issue is considered very serious. For these reasons we have assessed this issue as Moderate severity overall. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because the issue lies outside of the FIPS provider boundary. OpenSSL 3.1 and 3.0 are vulnerable to this issue.
Redis is an in-memory database that persists on disk
CVE-2023-45145
3.6 - Low
- October 18, 2023
Redis is an in-memory database that persists on disk. On startup, Redis begins listening on a Unix socket before adjusting its permissions to the user-provided configuration. If a permissive umask(2) is used, this creates a race condition that enables, during a short period of time, another process to establish an otherwise unauthorized connection. This problem has existed since Redis 2.6.0-RC1. This issue has been addressed in Redis versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade. For users unable to upgrade, it is possible to work around the problem by disabling Unix sockets, starting Redis with a restrictive umask, or storing the Unix socket file in a protected directory.
Exposure of Resource to Wrong Sphere
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4
CVE-2023-5631
5.4 - Medium
- October 18, 2023
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcube_washtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code.
XSS
Babel is a compiler for writingJavaScript
CVE-2023-45133
8.8 - High
- October 12, 2023
Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution during compilation, when using plugins that rely on the `path.evaluate()`or `path.evaluateTruthy()` internal Babel methods. Known affected plugins are `@babel/plugin-transform-runtime`; `@babel/preset-env` when using its `useBuiltIns` option; and any "polyfill provider" plugin that depends on `@babel/helper-define-polyfill-provider`, such as `babel-plugin-polyfill-corejs3`, `babel-plugin-polyfill-corejs2`, `babel-plugin-polyfill-es-shims`, `babel-plugin-polyfill-regenerator`. No other plugins under the `@babel/` namespace are impacted, but third-party plugins might be. Users that only compile trusted code are not impacted. The vulnerability has been fixed in `@babel/traverse@7.23.2` and `@babel/traverse@8.0.0-alpha.4`. Those who cannot upgrade `@babel/traverse` and are using one of the affected packages mentioned above should upgrade them to their latest version to avoid triggering the vulnerable code path in affected `@babel/traverse` versions: `@babel/plugin-transform-runtime` v7.23.2, `@babel/preset-env` v7.23.2, `@babel/helper-define-polyfill-provider` v0.4.3, `babel-plugin-polyfill-corejs2` v0.4.6, `babel-plugin-polyfill-corejs3` v0.8.5, `babel-plugin-polyfill-es-shims` v0.10.0, `babel-plugin-polyfill-regenerator` v0.5.3.
Incorrect Comparison
Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70
CVE-2023-5218
8.8 - High
- October 11, 2023
Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Dangling pointer
Use after free in Cast in Google Chrome prior to 118.0.5993.70
CVE-2023-5473
6.3 - Medium
- October 11, 2023
Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Dangling pointer
Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70
CVE-2023-5474
8.8 - High
- October 11, 2023
Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
Memory Corruption
Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70
CVE-2023-5475
6.5 - Medium
- October 11, 2023
Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium)
Use after free in Blink History in Google Chrome prior to 118.0.5993.70
CVE-2023-5476
8.8 - High
- October 11, 2023
Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Dangling pointer
Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70
CVE-2023-5477
4.3 - Medium
- October 11, 2023
Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: Low)
Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70
CVE-2023-5478
4.3 - Medium
- October 11, 2023
Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70
CVE-2023-5479
6.5 - Medium
- October 11, 2023
Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70
CVE-2023-5481
6.5 - Medium
- October 11, 2023
Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70
CVE-2023-5483
6.5 - Medium
- October 11, 2023
Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70
CVE-2023-5484
6.5 - Medium
- October 11, 2023
Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70
CVE-2023-5485
4.3 - Medium
- October 11, 2023
Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70
CVE-2023-5486
4.3 - Medium
- October 11, 2023
Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70
CVE-2023-5487
6.5 - Medium
- October 11, 2023
Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)
Improper Input Validation vulnerability in Apache Tomcat.Tomcat
CVE-2023-45648
5.3 - Medium
- October 10, 2023
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue.
Improper Input Validation
Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat
CVE-2023-42795
5.3 - Medium
- October 10, 2023
Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue.
Insufficient Cleanup
The HTTP/2 protocol
CVE-2023-44487
7.5 - High
- October 10, 2023
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Resource Exhaustion
libcue provides an API for parsing and extracting data from CUE sheets
CVE-2023-43641
8.8 - High
- October 09, 2023
libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0.
Memory Corruption
An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1
CVE-2023-45363
7.5 - High
- October 09, 2023
An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.
Infinite Loop
An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1
CVE-2023-45364
5.3 - Medium
- October 09, 2023
An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information.
Incorrect Permission Assignment for Critical Resource
A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5
CVE-2023-39928
8.8 - High
- October 06, 2023
A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability.
Dangling pointer
A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel
CVE-2023-42755
5.5 - Medium
- October 05, 2023
A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.
Out-of-bounds Read
urllib3 is a user-friendly HTTP client library for Python
CVE-2023-43804
8.1 - High
- October 04, 2023
urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header special or provide any helpers for managing cookies over HTTP, that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.
Information Disclosure
VP9 in libvpx before 1.13.1 mishandles widths
CVE-2023-44488
7.5 - High
- September 30, 2023
VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.
Improper Handling of Exceptional Conditions
Use after free in Passwords in Google Chrome prior to 117.0.5938.132
CVE-2023-5186
8.8 - High
- September 28, 2023
Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High)
Dangling pointer
Use after free in Extensions in Google Chrome prior to 117.0.5938.132
CVE-2023-5187
8.8 - High
- September 28, 2023
Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Dangling pointer
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1
CVE-2023-5217
8.8 - High
- September 28, 2023
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Memory Corruption
A flaw was found in the Netfilter subsystem of the Linux kernel
CVE-2023-42756
4.7 - Medium
- September 28, 2023
A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system.
Race Condition
A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write
CVE-2023-5169
6.5 - Medium
- September 27, 2023
A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
Memory Corruption
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes
CVE-2023-5171
6.5 - Medium
- September 27, 2023
During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
Dangling pointer
Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2
CVE-2023-5176
9.8 - Critical
- September 27, 2023
Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
Memory Corruption
The issue was addressed with improved checks
CVE-2023-41074
8.8 - High
- September 27, 2023
The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel
CVE-2023-42753
7.8 - High
- September 25, 2023
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.
Memory Corruption
The fix for XSA-423 added logic to Linux'es netback driver to deal with
a frontend splitting a packet in a way such
CVE-2023-34319
7.8 - High
- September 22, 2023
The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn't account for the extreme case of the entire packet being split into as many pieces as permitted by the protocol, yet still being smaller than the area that's specially dealt with to keep all (possible) headers together. Such an unusual packet would therefore trigger a buffer overrun in the driver.
Memory Corruption
Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3
CVE-2023-43770
6.1 - Medium
- September 22, 2023
Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior.
XSS
Due to failure in validating the length provided by an attacker-crafted PPD PostScript document
CVE-2023-4504
7 - High
- September 21, 2023
Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.
Memory Corruption
The issue was addressed with improved checks
CVE-2023-41993
9.8 - Critical
- September 21, 2023
The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.
Improper Check for Unusual or Exceptional Conditions
A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17
CVE-2023-42464
9.8 - Critical
- September 20, 2023
A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967.
Object Type Confusion
Jetty is a Java based web server and servlet engine
CVE-2023-41900
4.3 - Medium
- September 15, 2023
Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenticated user, then the current request will still treat the user as authenticated. The authentication is then cleared from the session and subsequent requests will not be treated as authenticated. So a request on a previously authenticated session could be allowed to bypass authentication after it had been rejected by the `LoginService`. This impacts usages of the jetty-openid which have configured a nested `LoginService` and where that `LoginService` will is capable of rejecting previously authenticated users. Versions 9.4.52, 10.0.16, and 11.0.16 have a patch for this issue.
1390
Jetty is a Java based web server and servlet engine
CVE-2023-40167
5.3 - Medium
- September 15, 2023
Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario.
length manipulation
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project
CVE-2023-36479
4.3 - Medium
- September 15, 2023
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.
Improper Neutralization of Quoting Syntax
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62
CVE-2023-4900
4.3 - Medium
- September 12, 2023
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62
CVE-2023-4909
4.3 - Medium
- September 12, 2023
Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62
CVE-2023-4908
4.3 - Medium
- September 12, 2023
Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62
CVE-2023-4907
4.3 - Medium
- September 12, 2023
Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)
Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62
CVE-2023-4906
4.3 - Medium
- September 12, 2023
Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62
CVE-2023-4905
4.3 - Medium
- September 12, 2023
Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62
CVE-2023-4903
4.3 - Medium
- September 12, 2023
Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62
CVE-2023-4902
4.3 - Medium
- September 12, 2023
Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62
CVE-2023-4901
4.3 - Medium
- September 12, 2023
Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62
CVE-2023-4904
4.3 - Medium
- September 12, 2023
Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium)