Debian Linux

DATE	CVE	VULNERABILITY TITLE	RISK
2023-10-11	CVE-2023-5486	Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. network low complexity google debian	4.3
2023-10-11	CVE-2023-44981	Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. network low complexity apache debian critical	9.1
2023-10-10	CVE-2023-45648	Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. network low complexity apache debian	5.3
2023-10-10	CVE-2023-42795	Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. network low complexity apache debian	5.3
2023-10-10	CVE-2023-36478	Eclipse Jetty provides a web server and servlet container. network low complexity eclipse jenkins debian	7.5
2023-10-10	CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. network low complexity ietf nghttp2 netty envoyproxy eclipse caddyserver golang f5 apache apple grpc microsoft nodejs dena facebook amazon debian kazu-yamamoto istio varnish-cache-project traefik projectcontour linkerd linecorp redhat fedoraproject netapp akka konghq jenkins openresty cisco	7.5
2023-10-09	CVE-2023-43641	libcue provides an API for parsing and extracting data from CUE sheets. network low complexity lipnitsk fedoraproject debian	8.8
2023-10-09	CVE-2023-45363	Infinite Loop vulnerability in multiple products An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. network low complexity mediawiki debian CWE-835	7.5
2023-10-09	CVE-2023-45364	Incorrect Permission Assignment for Critical Resource vulnerability in multiple products An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. network low complexity mediawiki debian CWE-732	5.3
2023-10-06	CVE-2023-39928	Use After Free vulnerability in multiple products A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. network low complexity webkitgtk debian fedoraproject CWE-416	8.8