Vulnerabilities > Debian > Debian Linux

DATE CVE VULNERABILITY TITLE RISK
2023-09-20 CVE-2023-42464 Type Confusion vulnerability in multiple products
A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17.
network
low complexity
netatalk debian CWE-843
critical
 9.8
9.8
2023-09-20 CVE-2019-19450 XML Injection (aka Blind XPath Injection) vulnerability in multiple products
paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.
network
low complexity
reportlab debian CWE-91
critical
 9.8
9.8
2023-09-20 CVE-2023-3341 Out-of-bounds Write vulnerability in multiple products
The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing.
network
low complexity
isc fedoraproject debian CWE-787
7.5
7.5
2023-09-20 CVE-2023-4236 Reachable Assertion vulnerability in multiple products
A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure.
network
low complexity
isc fedoraproject debian netapp CWE-617
7.5
7.5
2023-09-15 CVE-2023-41900 Improper Authentication vulnerability in multiple products
Jetty is a Java based web server and servlet engine.
network
low complexity
eclipse debian CWE-287
4.3
4.3
2023-09-15 CVE-2023-40167 Improper Handling of Length Parameter Inconsistency vulnerability in multiple products
Jetty is a Java based web server and servlet engine.
network
low complexity
eclipse debian CWE-130
5.3
5.3
2023-09-15 CVE-2023-36479 Improper Neutralization of Quoting Syntax vulnerability in multiple products
Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project.
network
low complexity
eclipse debian CWE-149
4.3
4.3
2023-09-12 CVE-2023-4900 Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page.
network
low complexity
google fedoraproject debian
4.3
4.3
2023-09-12 CVE-2023-4901 Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page.
network
low complexity
google fedoraproject debian
4.3
4.3
2023-09-12 CVE-2023-4902 Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page.
network
low complexity
google fedoraproject debian
4.3
4.3