Debian Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2023-12-19	CVE-2023-6931	Out-of-bounds Write vulnerability in multiple products A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group(). We recommend upgrading past commit 382c27f4ed28f803b1f1473ac2d8db0afc795a1b. local high complexity linux debian CWE-787	7.0
2023-12-18	CVE-2023-51384	In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. local low complexity openbsd debian	5.5
2023-12-18	CVE-2023-51385	OS Command Injection vulnerability in multiple products In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. network low complexity openbsd debian CWE-78	6.5
2023-12-18	CVE-2023-48795	Improper Validation of Integrity Check Value vulnerability in multiple products The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. network high complexity openbsd putty filezilla-project microsoft panic roumenpetrov winscp bitvise lancom-systems vandyke libssh net-ssh ssh2-project proftpd freebsd crates tera-term-project oryx-embedded crushftp netsarang paramiko redhat golang russh-project sftpgo-project erlang matez libssh2 asyncssh-project dropbear-ssh-project jadaptive ssh thorntech netgate connectbot apache tinyssh trilead 9bis gentoo fedoraproject debian apple CWE-354	5.9
2023-12-18	CVE-2023-5115	Absolute Path Traversal vulnerability in multiple products An absolute path traversal attack exists in the Ansible automation platform. network low complexity redhat debian CWE-36	6.3
2023-12-13	CVE-2023-6377	Out-of-bounds Read vulnerability in multiple products A flaw was found in xorg-server. local low complexity redhat debian x-org tigervnc CWE-125	7.8
2023-12-13	CVE-2023-6478	Integer Overflow or Wraparound vulnerability in multiple products A flaw was found in xorg-server. network low complexity x-org redhat debian tigervnc CWE-190	7.5
2023-12-12	CVE-2023-42883	The issue was addressed with improved memory handling. local low complexity apple debian	5.5
2023-12-11	CVE-2023-6185	Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system. network low complexity libreoffice fedoraproject debian	8.8
2023-12-11	CVE-2023-6186	Improper Preservation of Permissions vulnerability in multiple products Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user. network low complexity libreoffice fedoraproject debian CWE-281	8.8