Debian Debian Linux Operating System

Do you want an email whenever new security vulnerabilities are reported in any Debian product?

Products by Debian Sorted by Most Security Vulnerabilities since 2018

Debian Linux6923 vulnerabilities
OS

Debian Shadow6 vulnerabilities

Debian Advanced Package Tool5 vulnerabilities

Debian Duck1 vulnerability

Debian X11 Common1 vulnerability

Debian Tmpreaper1 vulnerability

Debian Tin1 vulnerability

Debian Schroot1 vulnerability

Debian Pyftpd1 vulnerability

Debian Perm1 vulnerability

Debian Os Prober1 vulnerability

Debian Nss Ldap1 vulnerability

Debian Logcheck1 vulnerability

Debian Lintian1 vulnerability

Debian Initramfs Tools1 vulnerability

Debian Dpkg Cross1 vulnerability

Debian Dpkg1 vulnerability

Debian Devscripts1 vulnerability

Debian Debmany1 vulnerability

Debian Lan Config1 vulnerability

Debian Crossroads1 vulnerability

Debian Cron1 vulnerability

Debian Courier Authlib1 vulnerability

Debian Base Config1 vulnerability

Debian Apt1 vulnerability

By the Year

In 2024 there have been 21 vulnerabilities in Debian with an average score of 7.2 out of ten. Last year Debian had 496 security vulnerabilities published. Right now, Debian is on track to have less security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.10.

Year Vulnerabilities Average Score
2024 21 7.18
2023 496 7.08
2022 961 7.25
2021 1078 7.24
2020 1043 6.78
2019 1002 7.25
2018 1133 7.31

It may take a day or so for new Debian vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Debian Security Vulnerabilities

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd)

CVE-2024-6387 8.1 - High - July 01, 2024

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Race Condition

An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier

CVE-2024-5629 8.1 - High - June 05, 2024

An out-of-bounds read in the 'bson' module of PyMongo 4.6.2 or earlier allows deserialization of malformed BSON provided by a Server to raise an exception which may contain arbitrary application memory.

Out-of-bounds Read

The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass

CVE-2023-52160 6.5 - Medium - February 22, 2024

The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.

authentification

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load

CVE-2024-0742 4.3 - Medium - January 23, 2024

It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6

CVE-2024-0755 8.8 - High - January 23, 2024

Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash

CVE-2024-0741 6.5 - Medium - January 23, 2024

An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

Memory Corruption

In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain

CVE-2024-0753 6.5 - Medium - January 23, 2024

In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

A malicious devtools extension could have been used to escalate privileges

CVE-2024-0751 8.8 - High - January 23, 2024

A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

Improper Privilege Management

A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions

CVE-2024-0750 8.8 - High - January 23, 2024

A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar

CVE-2024-0749 4.3 - Medium - January 23, 2024

A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7.

Origin Validation Error

When a parent page loaded a child in an iframe with `unsafe-inline`

CVE-2024-0747 6.5 - Medium - January 23, 2024

When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

A Linux user opening the print preview dialog could have caused the browser to crash

CVE-2024-0746 6.5 - Medium - January 23, 2024

A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

Pillow through 10.1.0

CVE-2023-50447 8.1 - High - January 19, 2024

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).

Code Injection

A flaw was found in X.Org server

CVE-2023-6816 9.8 - Critical - January 18, 2024

A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.

Memory Corruption

Vulnerability in the Oracle Java SE

CVE-2024-20926 5.9 - Medium - January 16, 2024

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

Vulnerability in the Oracle Java SE

CVE-2024-20952 7.4 - High - January 16, 2024

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

Vulnerability in the Oracle Java SE

CVE-2024-20918 7.4 - High - January 16, 2024

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).

A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust

CVE-2024-0567 7.5 - High - January 16, 2024

A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.

Improper Verification of Cryptographic Signature

An issue was discovered in the Linux kernel before 6.6.8

CVE-2023-51782 7 - High - January 11, 2024

An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition.

Dangling pointer

An issue was discovered in the Linux kernel before 6.6.8

CVE-2023-51781 7 - High - January 11, 2024

An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition.

Dangling pointer

An issue was discovered in the Linux kernel before 6.6.8

CVE-2023-51780 7 - High - January 11, 2024

An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.

Dangling pointer

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files

CVE-2023-7101 7.8 - High - December 24, 2023

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type eval. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.

Code Injection

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations

CVE-2023-51766 5.3 - Medium - December 24, 2023

Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.

Insufficient Verification of Data Authenticity

Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129

CVE-2023-7024 8.8 - High - December 21, 2023

Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Memory safety bugs present in Firefox 120

CVE-2023-6873 8.8 - High - December 19, 2023

Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 121.

Memory Corruption

The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts

CVE-2023-6867 6.1 - Medium - December 19, 2023

The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.

Clickjacking

`EncryptingOutputStream` was susceptible to exposing uninitialized data

CVE-2023-6865 6.5 - Medium - December 19, 2023

`EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.

Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5

CVE-2023-6864 8.8 - High - December 19, 2023

Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Memory Corruption

The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type

CVE-2023-6863 8.8 - High - December 19, 2023

The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

A use-after-free was identified in the `nsDNSService::Init`

CVE-2023-6862 8.8 - High - December 19, 2023

A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6.

Dangling pointer

The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode

CVE-2023-6861 8.8 - High - December 19, 2023

The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Memory Corruption

The `VideoBridge` allowed any content process to use textures produced by remote decoders

CVE-2023-6860 6.5 - Medium - December 19, 2023

The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

A use-after-free condition affected TLS socket creation when under memory pressure

CVE-2023-6859 8.8 - High - December 19, 2023

A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Dangling pointer

Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling

CVE-2023-6858 8.8 - High - December 19, 2023

Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Memory Corruption

When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary

CVE-2023-6857 5.3 - Medium - December 19, 2023

When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Race Condition

The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver

CVE-2023-6856 8.8 - High - December 19, 2023

The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

Memory Corruption

When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user

CVE-2023-50762 4.3 - Medium - December 19, 2023

When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. This is because the text was interpreted as a MIME message and the first paragraph was always treated as an email header section. A digitally signed text from a different context, such as a signed GIT commit, could be used to spoof an email message. This vulnerability affects Thunderbird < 115.6.

The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time

CVE-2023-50761 4.3 - Medium - December 19, 2023

The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be used to give recipients the impression that a message was sent at a different date or time. This vulnerability affects Thunderbird < 115.6.

A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component

CVE-2023-6931 7 - High - December 19, 2023

A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b.

Memory Corruption

In ssh in OpenSSH before 9.6

CVE-2023-51385 6.5 - Medium - December 18, 2023

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.

Shell injection

In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied

CVE-2023-51384 5.5 - Medium - December 18, 2023

In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such

CVE-2023-48795 5.9 - Medium - December 18, 2023

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.

Improper Validation of Integrity Check Value

An absolute path traversal attack exists in the Ansible automation platform

CVE-2023-5115 6.3 - Medium - December 18, 2023

An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.

Directory traversal

A flaw was found in xorg-server

CVE-2023-6478 7.5 - High - December 13, 2023

A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.

Integer Overflow or Wraparound

A flaw was found in xorg-server

CVE-2023-6377 7.8 - High - December 13, 2023

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.

Out-of-bounds Read

The issue was addressed with improved memory handling

CVE-2023-42883 5.5 - Medium - December 12, 2023

The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, macOS Sonoma 14.2, iOS 17.2 and iPadOS 17.2, watchOS 10.2, tvOS 17.2, iOS 16.7.3 and iPadOS 16.7.3. Processing an image may lead to a denial-of-service.

Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice

CVE-2023-6185 8.8 - High - December 11, 2023

Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.

Insufficient macro permission validation of The Document Foundation LibreOffice

CVE-2023-6186 8.8 - High - December 11, 2023

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.

Improper Preservation of Permissions

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection

CVE-2023-45866 6.3 - Medium - December 08, 2023

Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue.

authentification

Use after free in Media Stream in Google Chrome prior to 120.0.6099.62

CVE-2023-6508 8.8 - High - December 06, 2023

Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62

CVE-2023-6509 8.8 - High - December 06, 2023

Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High)

Dangling pointer

Use after free in Media Capture in Google Chrome prior to 120.0.6099.62

CVE-2023-6510 8.8 - High - December 06, 2023

Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)

Dangling pointer

Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62

CVE-2023-6511 4.3 - Medium - December 06, 2023

Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)

Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62

CVE-2023-6512 6.5 - Medium - December 06, 2023

Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low)

The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication

CVE-2023-40462 7.5 - High - December 04, 2023

The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router functions. ACEManager recovers from the DoS condition by restarting within ten seconds of becoming unavailable.

assertion failure

An out-of-bounds read was addressed with improved input validation

CVE-2023-42916 6.5 - Medium - November 30, 2023

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

Out-of-bounds Read

A memory corruption vulnerability was addressed with improved locking

CVE-2023-42917 8.8 - High - November 30, 2023

A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2, Safari 17.1.2. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited against versions of iOS before iOS 16.7.1.

Memory Corruption

Use after free in WebAudio in Google Chrome prior to 119.0.6045.199

CVE-2023-6346 8.8 - High - November 29, 2023

Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Mojo in Google Chrome prior to 119.0.6045.199

CVE-2023-6347 8.8 - High - November 29, 2023

Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in libavif in Google Chrome prior to 119.0.6045.199

CVE-2023-6350 8.8 - High - November 29, 2023

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)

Dangling pointer

Integer overflow in Skia in Google Chrome prior to 119.0.6045.199

CVE-2023-6345 9.6 - Critical - November 29, 2023

Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)

Integer Overflow or Wraparound

Use after free in libavif in Google Chrome prior to 119.0.6045.199

CVE-2023-6351 8.8 - High - November 29, 2023

Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)

Dangling pointer

Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199

CVE-2023-6348 8.8 - High - November 29, 2023

Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

When using X11

CVE-2023-6208 8.8 - High - November 21, 2023

When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/

CVE-2023-6209 6.5 - Medium - November 21, 2023

Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Directory traversal

Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4

CVE-2023-6212 8.8 - High - November 21, 2023

Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Memory Corruption

Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120

CVE-2023-6207 8.8 - High - November 21, 2023

Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Dangling pointer

The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts

CVE-2023-6206 5.4 - Medium - November 21, 2023

The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Clickjacking

It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash

CVE-2023-6205 6.5 - Medium - November 21, 2023

It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Dangling pointer

On some systemsdepending on the graphics settings and driversit was possible to force an out-of-bounds read and leak memory data into the images created on the

CVE-2023-6204 6.5 - Medium - November 21, 2023

On some systemsdepending on the graphics settings and driversit was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.

Out-of-bounds Read

SSH dissector crash in Wireshark 4.0.0 to 4.0.10

CVE-2023-6174 6.5 - Medium - November 16, 2023

SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file

Injection

Use after free in Navigation in Google Chrome prior to 119.0.6045.159

CVE-2023-6112 8.8 - High - November 15, 2023

Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159

CVE-2023-5997 8.8 - High - November 15, 2023

Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may

CVE-2023-23583 7.8 - High - November 14, 2023

Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.

Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6

CVE-2023-46849 7.5 - High - November 11, 2023

Using the --fragment option in certain configuration setups OpenVPN version 2.6.0 to 2.6.6 allows an attacker to trigger a divide by zero behaviour which could cause an application crash, leading to a denial of service.

Divide By Zero

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir

CVE-2023-46850 9.8 - Critical - November 11, 2023

Use after free in OpenVPN version 2.6.0 to 2.6.6 may lead to undefined behavoir, leaking memory buffers or remote execution when sending network buffers to a remote peer.

Dangling pointer

Use after free in WebAudio in Google Chrome prior to 119.0.6045.123

CVE-2023-5996 8.8 - High - November 08, 2023

Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5

CVE-2023-47272 6.1 - Medium - November 06, 2023

Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).

XSS

Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105

CVE-2023-5858 4.3 - Medium - November 01, 2023

Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)

Origin Validation Error

Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105

CVE-2023-5859 4.3 - Medium - November 01, 2023

Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low)

Origin Validation Error

Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105

CVE-2023-5857 8.8 - High - November 01, 2023

Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium)

Use after free in Side Panel in Google Chrome prior to 119.0.6045.105

CVE-2023-5856 8.8 - High - November 01, 2023

Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105

CVE-2023-5480 6.1 - Medium - November 01, 2023

Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High)

XSS

Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105

CVE-2023-5482 8.8 - High - November 01, 2023

Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Insufficient Verification of Data Authenticity

Integer overflow in USB in Google Chrome prior to 119.0.6045.105

CVE-2023-5849 8.8 - High - November 01, 2023

Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Integer Overflow or Wraparound

Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105

CVE-2023-5850 4.3 - Medium - November 01, 2023

Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)

Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105

CVE-2023-5851 4.3 - Medium - November 01, 2023

Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

Origin Validation Error

Use after free in Printing in Google Chrome prior to 119.0.6045.105

CVE-2023-5852 8.8 - High - November 01, 2023

Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

Dangling pointer

Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105

CVE-2023-5855 8.8 - High - November 01, 2023

Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

Dangling pointer

Use after free in Profiles in Google Chrome prior to 119.0.6045.105

CVE-2023-5854 8.8 - High - November 01, 2023

Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)

Dangling pointer

Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105

CVE-2023-5853 4.3 - Medium - November 01, 2023

Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)

Origin Validation Error

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution

CVE-2023-46604 9.8 - Critical - October 27, 2023

The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. This vulnerability may allow a remote attacker with network access to either a Java-based OpenWire broker or client to run arbitrary shell commands by manipulating serialized class types in the OpenWire protocol to cause either the client or the broker (respectively) to instantiate any class on the classpath. Users are recommended to upgrade both brokers and clients to version 5.15.16, 5.16.7, 5.17.6, or 5.18.3 which fixes this issue.

Marshaling, Unmarshaling

VMware Tools contains a SAML token signature bypass vulnerability

CVE-2023-34058 7.5 - High - October 27, 2023

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .

Improper Verification of Cryptographic Signature

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper

CVE-2023-34059 7 - High - October 27, 2023

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.

browserify-sign is a package to duplicate the functionality of node's crypto public key functions

CVE-2023-46234 7.5 - High - October 26, 2023

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. An upper bound check issue in `dsaVerify` function allows an attacker to construct signatures that can be successfully verified by any public key, thus leading to a signature forgery attack. All places in this project that involve DSA verification of user-input signatures will be affected by this vulnerability. This issue has been patched in version 4.2.2.

Improper Verification of Cryptographic Signature

A use-after-free flaw was found in the xorg-x11-server

CVE-2023-5380 4.7 - Medium - October 25, 2023

A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.

Dangling pointer

A out-of-bounds write flaw was found in the xorg-x11-server

CVE-2023-5367 7.8 - High - October 25, 2023

A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.

Memory Corruption

The issue was addressed with improved memory handling

CVE-2023-41983 6.5 - Medium - October 25, 2023

The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.1, Safari 17.1, iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1. Processing web content may lead to a denial-of-service.

Buffer Overflow

A logic issue was addressed with improved checks

CVE-2023-42852 8.8 - High - October 25, 2023

A logic issue was addressed with improved checks. This issue is fixed in iOS 17.1 and iPadOS 17.1, watchOS 10.1, iOS 16.7.2 and iPadOS 16.7.2, macOS Sonoma 14.1, Safari 17.1, tvOS 17.1. Processing web content may lead to arbitrary code execution.

In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3

CVE-2023-46316 5.5 - Medium - October 25, 2023

In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines.

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.