Vulnerabilities (CVE)

Filtered by vendor Debian Subscribe
Total 9002 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-2137 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-10-03 N/A 8.8 HIGH
Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-2135 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-10-03 N/A 7.5 HIGH
Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2021-4043 2 Debian, Gpac 2 Debian Linux, Gpac 2024-10-02 4.3 MEDIUM 5.5 MEDIUM
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0.
CVE-2023-4357 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-10-01 N/A 8.8 HIGH
Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2023-4353 3 Debian, Fedoraproject, Google 3 Debian Linux, Fedora, Chrome 2024-10-01 N/A 8.8 HIGH
Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2020-27792 2 Artifex, Debian 2 Ghostscript, Debian Linux 2024-09-30 N/A 7.1 HIGH
A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service.
CVE-2021-3156 8 Beyondtrust, Debian, Fedoraproject and 5 more 31 Privilege Management For Mac, Privilege Management For Unix\/linux, Debian Linux and 28 more 2024-09-19 7.2 HIGH 7.8 HIGH
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
CVE-2024-37371 2 Debian, Mit 2 Debian Linux, Kerberos 5 2024-09-18 N/A 9.1 CRITICAL
In MIT Kerberos 5 (aka krb5) before 1.21.3, an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
CVE-2023-4911 5 Canonical, Debian, Fedoraproject and 2 more 17 Ubuntu Linux, Debian Linux, Fedora and 14 more 2024-09-17 N/A 7.8 HIGH
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
CVE-2023-7008 2 Debian, Systemd Project 2 Debian Linux, Systemd 2024-09-16 N/A 5.9 MEDIUM
A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.
CVE-2023-6816 4 Debian, Fedoraproject, Redhat and 1 more 7 Debian Linux, Fedora, Enterprise Linux Desktop and 4 more 2024-09-16 N/A 9.8 CRITICAL
A flaw was found in X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used.
CVE-2023-6478 4 Debian, Redhat, Tigervnc and 1 more 6 Debian Linux, Enterprise Linux, Enterprise Linux Eus and 3 more 2024-09-16 N/A 7.5 HIGH
A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.
CVE-2023-6377 4 Debian, Redhat, Tigervnc and 1 more 6 Debian Linux, Enterprise Linux, Enterprise Linux Eus and 3 more 2024-09-16 N/A 7.8 HIGH
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.
CVE-2023-5380 4 Debian, Fedoraproject, Redhat and 1 more 5 Debian Linux, Fedora, Enterprise Linux and 2 more 2024-09-16 N/A 4.7 MEDIUM
A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode) if the pointer is warped from within a window on one screen to the root window of the other screen and if the original window is destroyed followed by another window being destroyed.
CVE-2023-5367 4 Debian, Fedoraproject, Redhat and 1 more 12 Debian Linux, Fedora, Enterprise Linux and 9 more 2024-09-16 N/A 7.8 HIGH
A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.
CVE-2023-39418 3 Debian, Postgresql, Redhat 3 Debian Linux, Postgresql, Enterprise Linux 2024-09-16 N/A 4.3 MEDIUM
A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.
CVE-2023-5115 2 Debian, Redhat 5 Debian Linux, Ansible Automation Platform, Ansible Developer and 2 more 2024-09-16 N/A 6.3 MEDIUM
An absolute path traversal attack exists in the Ansible automation platform. This flaw allows an attacker to craft a malicious Ansible role and make the victim execute the role. A symlink can be used to overwrite a file outside of the extraction path.
CVE-2024-0567 4 Debian, Fedoraproject, Gnu and 1 more 4 Debian Linux, Fedora, Gnutls and 1 more 2024-09-16 N/A 7.5 HIGH
A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.
CVE-2023-4147 4 Debian, Fedoraproject, Linux and 1 more 8 Debian Linux, Fedora, Linux Kernel and 5 more 2024-09-16 N/A 7.8 HIGH
A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.
CVE-2023-42756 4 Debian, Fedoraproject, Linux and 1 more 4 Debian Linux, Fedora, Linux Kernel and 1 more 2024-09-16 N/A 4.7 MEDIUM
A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system.