Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Total 8946 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-20169 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-03-04 7.2 HIGH 6.8 MEDIUM
An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.
CVE-2022-48554 2 Debian, File Project 2 Debian Linux, File 2024-03-04 N/A 5.5 MEDIUM
File before 5.43 has an stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.
CVE-2023-52160 6 Debian, Fedoraproject, Google and 3 more 7 Debian Linux, Fedora, Android and 4 more 2024-03-04 N/A 6.5 MEDIUM
The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks.
CVE-2023-1872 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-02-29 N/A 7.0 HIGH
A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation. The io_file_get_fixed function lacks the presence of ctx->uring_lock which can lead to a Use-After-Free vulnerability due a race condition with fixed files getting unregistered. We recommend upgrading past commit da24142b1ef9fd5d36b76e36bab328a5b27523e8.
CVE-2022-3633 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-02-29 2.7 LOW 3.3 LOW
A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function j1939_session_destroy of the file net/can/j1939/transport.c. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211932.
CVE-2022-3629 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-02-29 1.4 LOW 3.3 LOW
A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsock_connect of the file net/vmw_vsock/af_vsock.c. The manipulation leads to memory leak. The complexity of an attack is rather high. The exploitation appears to be difficult. It is recommended to apply a patch to fix this issue. VDB-211930 is the identifier assigned to this vulnerability.
CVE-2023-23583 3 Debian, Intel, Netapp 443 Debian Linux, Core I3-1005g1, Core I3-1005g1 Firmware and 440 more 2024-02-28 N/A 7.8 HIGH
Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access.
CVE-2023-5997 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-02-28 N/A 8.8 HIGH
Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-6511 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-02-28 N/A 4.3 MEDIUM
Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)
CVE-2023-6857 5 Apple, Debian, Google and 2 more 7 Macos, Debian Linux, Android and 4 more 2024-02-28 N/A 5.3 MEDIUM
When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
CVE-2023-6112 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-02-28 N/A 8.8 HIGH
Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-6509 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-02-28 N/A 8.8 HIGH
Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High)
CVE-2023-6204 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2024-02-28 N/A 6.5 MEDIUM
On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
CVE-2023-6862 2 Debian, Mozilla 3 Debian Linux, Firefox Esr, Thunderbird 2024-02-28 N/A 8.8 HIGH
A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6.
CVE-2023-6186 3 Debian, Fedoraproject, Libreoffice 3 Debian Linux, Fedora, Libreoffice 2024-02-28 N/A 8.8 HIGH
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.
CVE-2023-51766 3 Debian, Exim, Fedoraproject 4 Debian Linux, Exim, Extra Packages For Enterprise Linux and 1 more 2024-02-28 N/A 5.3 MEDIUM
Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not.
CVE-2024-0742 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2024-02-28 N/A 4.3 MEDIUM
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVE-2023-6351 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-02-28 N/A 8.8 HIGH
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High)
CVE-2023-6861 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2024-02-28 N/A 8.8 HIGH
The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
CVE-2023-6212 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2024-02-28 N/A 8.8 HIGH
Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.