Debian Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-11	CVE-2023-5484	Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. network low complexity google fedoraproject debian	6.5
2023-10-11	CVE-2023-5485	Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. network low complexity google debian	4.3
2023-10-11	CVE-2023-5486	Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. network low complexity google debian	4.3
2023-10-11	CVE-2023-44981	Authorization Bypass Through User-Controlled Key vulnerability in multiple products Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. network low complexity apache debian CWE-639 critical	9.1
2023-10-10	CVE-2023-45648	Improper Input Validation vulnerability in multiple products Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. network low complexity apache debian CWE-20	5.3
2023-10-10	CVE-2023-42795	Incomplete Cleanup vulnerability in multiple products Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. network low complexity apache debian CWE-459	5.3
2023-10-10	CVE-2023-36478	Resource Exhaustion vulnerability in multiple products Eclipse Jetty provides a web server and servlet container. network low complexity eclipse jenkins debian CWE-400	7.5
2023-10-10	CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. network low complexity ietf nghttp2 netty envoyproxy eclipse caddyserver golang f5 apache apple grpc microsoft nodejs dena facebook amazon debian kazu-yamamoto istio varnish-cache-project traefik projectcontour linkerd linecorp redhat fedoraproject netapp akka konghq jenkins openresty cisco	7.5
2023-10-09	CVE-2023-43641	Out-of-bounds Write vulnerability in multiple products libcue provides an API for parsing and extracting data from CUE sheets. network low complexity lipnitsk fedoraproject debian CWE-787	8.8
2023-10-09	CVE-2023-45363	Infinite Loop vulnerability in multiple products An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. network low complexity mediawiki debian CWE-835	7.5